Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-11738 (GCVE-0-2024-11738)
Vulnerability from cvelistv5 – Published: 2024-12-06 14:54 – Updated: 2025-11-20 18:22
VLAI?
EPSS
Title
Rustls: rustls network-reachable panic in `acceptor::accept`
Summary
A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.
Severity ?
5.3 (Medium)
CWE
- CWE-248 - Uncaught Exception
Assigner
References
| URL | Tags | |
|---|---|---|
|
|
||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Affected:
0.23.13 , < 0.23.18
(semver)
|
||||||||||||||
|
||||||||||||||
Date Public ?
2024-11-25 16:57
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11738",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T17:45:01.886756Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T17:45:12.881Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/rustls/rustls",
"defaultStatus": "unaffected",
"packageName": "rustls",
"versions": [
{
"lessThan": "0.23.18",
"status": "affected",
"version": "0.23.13",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
],
"defaultStatus": "unaffected",
"packageName": "rhtas/tuffer-rhel9",
"product": "Red Hat Trusted Artifact Signer",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1"
],
"defaultStatus": "unaffected",
"packageName": "rhtas/tuftool-rhel9",
"product": "Red Hat Trusted Artifact Signer",
"vendor": "Red Hat"
}
],
"datePublic": "2024-11-25T16:57:34.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T18:22:11.892Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-11738"
},
{
"name": "RHBZ#2328732",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328732"
},
{
"url": "https://github.com/advisories/GHSA-qg5g-gv98-5ffh"
},
{
"url": "https://github.com/rustls/rustls"
},
{
"url": "https://github.com/rustls/rustls/issues/2227"
},
{
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0399.html"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-25T18:01:22.985Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-11-25T16:57:34.000Z",
"value": "Made public."
}
],
"title": "Rustls: rustls network-reachable panic in `acceptor::accept`",
"x_redhatCweChain": "CWE-248: Uncaught Exception"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-11738",
"datePublished": "2024-12-06T14:54:11.310Z",
"dateReserved": "2024-11-26T07:32:36.161Z",
"dateUpdated": "2025-11-20T18:22:11.892Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-11738",
"date": "2026-04-16",
"epss": "0.0022",
"percentile": "0.44664"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-11738\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2024-12-06T15:15:07.723\",\"lastModified\":\"2025-07-29T19:22:23.353\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una falla en Rustls 0.23.13 y API relacionadas. Esta vulnerabilidad permite la denegaci\u00f3n de servicio (p\u00e1nico) a trav\u00e9s de un mensaje ClientHello de TLS fragmentado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-248\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rustls_project:rustls:0.23.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6038A32-4F35-44E0-96AE-4292681A27C0\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-11738\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2328732\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/advisories/GHSA-qg5g-gv98-5ffh\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/rustls/rustls\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/rustls/rustls/issues/2227\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://rustsec.org/advisories/RUSTSEC-2024-0399.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-11738\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-12-06T17:45:01.886756Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-12-06T17:40:48.866Z\"}}], \"cna\": {\"title\": \"Rustls: rustls network-reachable panic in `acceptor::accept`\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"versions\": [{\"status\": \"affected\", \"version\": \"0.23.13\", \"lessThan\": \"0.23.18\", \"versionType\": \"semver\"}], \"packageName\": \"rustls\", \"collectionURL\": \"https://github.com/rustls/rustls\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:trusted_artifact_signer:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Trusted Artifact Signer\", \"packageName\": \"rhtas/tuffer-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:trusted_artifact_signer:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Trusted Artifact Signer\", \"packageName\": \"rhtas/tuftool-rhel9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-11-25T18:01:22.985Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2024-11-25T16:57:34.000Z\", \"value\": \"Made public.\"}], \"datePublic\": \"2024-11-25T16:57:34.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2024-11738\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2328732\", \"name\": \"RHBZ#2328732\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://github.com/advisories/GHSA-qg5g-gv98-5ffh\"}, {\"url\": \"https://github.com/rustls/rustls\"}, {\"url\": \"https://github.com/rustls/rustls/issues/2227\"}, {\"url\": \"https://rustsec.org/advisories/RUSTSEC-2024-0399.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-248\", \"description\": \"Uncaught Exception\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-11-20T18:22:11.892Z\"}, \"x_redhatCweChain\": \"CWE-248: Uncaught Exception\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-11738\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-20T18:22:11.892Z\", \"dateReserved\": \"2024-11-26T07:32:36.161Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2024-12-06T14:54:11.310Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2024-11738
Vulnerability from fkie_nvd - Published: 2024-12-06 15:15 - Updated: 2025-07-29 19:22
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2024-11738 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2328732 | Vendor Advisory | |
| secalert@redhat.com | https://github.com/advisories/GHSA-qg5g-gv98-5ffh | Third Party Advisory | |
| secalert@redhat.com | https://github.com/rustls/rustls | Product | |
| secalert@redhat.com | https://github.com/rustls/rustls/issues/2227 | Exploit, Issue Tracking, Vendor Advisory | |
| secalert@redhat.com | https://rustsec.org/advisories/RUSTSEC-2024-0399.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| rustls_project | rustls | 0.23.13 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rustls_project:rustls:0.23.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B6038A32-4F35-44E0-96AE-4292681A27C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en Rustls 0.23.13 y API relacionadas. Esta vulnerabilidad permite la denegaci\u00f3n de servicio (p\u00e1nico) a trav\u00e9s de un mensaje ClientHello de TLS fragmentado."
}
],
"id": "CVE-2024-11738",
"lastModified": "2025-07-29T19:22:23.353",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-06T15:15:07.723",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-11738"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2328732"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/advisories/GHSA-qg5g-gv98-5ffh"
},
{
"source": "secalert@redhat.com",
"tags": [
"Product"
],
"url": "https://github.com/rustls/rustls"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://github.com/rustls/rustls/issues/2227"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0399.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-248"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
}
OPENSUSE-SU-2024:14539-1
Vulnerability from csaf_opensuse - Published: 2024-12-03 00:00 - Updated: 2024-12-03 00:00Summary
himmelblau-0.7.7+git.0.b48d0bb-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: himmelblau-0.7.7+git.0.b48d0bb-1.1 on GA media
Description of the patch: These are all security issues fixed in the himmelblau-0.7.7+git.0.b48d0bb-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-14539
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "himmelblau-0.7.7+git.0.b48d0bb-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the himmelblau-0.7.7+git.0.b48d0bb-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14539",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14539-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-11738 page",
"url": "https://www.suse.com/security/cve/CVE-2024-11738/"
}
],
"title": "himmelblau-0.7.7+git.0.b48d0bb-1.1 on GA media",
"tracking": {
"current_release_date": "2024-12-03T00:00:00Z",
"generator": {
"date": "2024-12-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14539-1",
"initial_release_date": "2024-12-03T00:00:00Z",
"revision_history": [
{
"date": "2024-12-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "himmelblau-0.7.7+git.0.b48d0bb-1.1.aarch64",
"product": {
"name": "himmelblau-0.7.7+git.0.b48d0bb-1.1.aarch64",
"product_id": "himmelblau-0.7.7+git.0.b48d0bb-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.aarch64",
"product": {
"name": "himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.aarch64",
"product_id": "himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.aarch64",
"product": {
"name": "himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.aarch64",
"product_id": "himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.aarch64",
"product": {
"name": "libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.aarch64",
"product_id": "libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.aarch64",
"product": {
"name": "pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.aarch64",
"product_id": "pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "himmelblau-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"product": {
"name": "himmelblau-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"product_id": "himmelblau-0.7.7+git.0.b48d0bb-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"product": {
"name": "himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"product_id": "himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"product": {
"name": "himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"product_id": "himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"product": {
"name": "libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"product_id": "libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"product": {
"name": "pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"product_id": "pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "himmelblau-0.7.7+git.0.b48d0bb-1.1.s390x",
"product": {
"name": "himmelblau-0.7.7+git.0.b48d0bb-1.1.s390x",
"product_id": "himmelblau-0.7.7+git.0.b48d0bb-1.1.s390x"
}
},
{
"category": "product_version",
"name": "himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.s390x",
"product": {
"name": "himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.s390x",
"product_id": "himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.s390x"
}
},
{
"category": "product_version",
"name": "himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.s390x",
"product": {
"name": "himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.s390x",
"product_id": "himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.s390x",
"product": {
"name": "libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.s390x",
"product_id": "libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.s390x"
}
},
{
"category": "product_version",
"name": "pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.s390x",
"product": {
"name": "pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.s390x",
"product_id": "pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "himmelblau-0.7.7+git.0.b48d0bb-1.1.x86_64",
"product": {
"name": "himmelblau-0.7.7+git.0.b48d0bb-1.1.x86_64",
"product_id": "himmelblau-0.7.7+git.0.b48d0bb-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.x86_64",
"product": {
"name": "himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.x86_64",
"product_id": "himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.x86_64",
"product": {
"name": "himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.x86_64",
"product_id": "himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.x86_64",
"product": {
"name": "libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.x86_64",
"product_id": "libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.x86_64",
"product": {
"name": "pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.x86_64",
"product_id": "pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-0.7.7+git.0.b48d0bb-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-0.7.7+git.0.b48d0bb-1.1.aarch64"
},
"product_reference": "himmelblau-0.7.7+git.0.b48d0bb-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-0.7.7+git.0.b48d0bb-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-0.7.7+git.0.b48d0bb-1.1.ppc64le"
},
"product_reference": "himmelblau-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-0.7.7+git.0.b48d0bb-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-0.7.7+git.0.b48d0bb-1.1.s390x"
},
"product_reference": "himmelblau-0.7.7+git.0.b48d0bb-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-0.7.7+git.0.b48d0bb-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-0.7.7+git.0.b48d0bb-1.1.x86_64"
},
"product_reference": "himmelblau-0.7.7+git.0.b48d0bb-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.aarch64"
},
"product_reference": "himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.ppc64le"
},
"product_reference": "himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.s390x"
},
"product_reference": "himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.x86_64"
},
"product_reference": "himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.aarch64"
},
"product_reference": "himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.ppc64le"
},
"product_reference": "himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.s390x"
},
"product_reference": "himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.x86_64"
},
"product_reference": "himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.aarch64"
},
"product_reference": "libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.ppc64le"
},
"product_reference": "libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.s390x"
},
"product_reference": "libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.x86_64"
},
"product_reference": "libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.aarch64"
},
"product_reference": "pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.ppc64le"
},
"product_reference": "pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.s390x"
},
"product_reference": "pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.x86_64"
},
"product_reference": "pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-11738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-11738"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:himmelblau-0.7.7+git.0.b48d0bb-1.1.aarch64",
"openSUSE Tumbleweed:himmelblau-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"openSUSE Tumbleweed:himmelblau-0.7.7+git.0.b48d0bb-1.1.s390x",
"openSUSE Tumbleweed:himmelblau-0.7.7+git.0.b48d0bb-1.1.x86_64",
"openSUSE Tumbleweed:himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.aarch64",
"openSUSE Tumbleweed:himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"openSUSE Tumbleweed:himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.s390x",
"openSUSE Tumbleweed:himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.x86_64",
"openSUSE Tumbleweed:himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.aarch64",
"openSUSE Tumbleweed:himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"openSUSE Tumbleweed:himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.s390x",
"openSUSE Tumbleweed:himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.x86_64",
"openSUSE Tumbleweed:libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.aarch64",
"openSUSE Tumbleweed:libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"openSUSE Tumbleweed:libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.s390x",
"openSUSE Tumbleweed:libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.x86_64",
"openSUSE Tumbleweed:pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.aarch64",
"openSUSE Tumbleweed:pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"openSUSE Tumbleweed:pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.s390x",
"openSUSE Tumbleweed:pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-11738",
"url": "https://www.suse.com/security/cve/CVE-2024-11738"
},
{
"category": "external",
"summary": "SUSE Bug 1233897 for CVE-2024-11738",
"url": "https://bugzilla.suse.com/1233897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:himmelblau-0.7.7+git.0.b48d0bb-1.1.aarch64",
"openSUSE Tumbleweed:himmelblau-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"openSUSE Tumbleweed:himmelblau-0.7.7+git.0.b48d0bb-1.1.s390x",
"openSUSE Tumbleweed:himmelblau-0.7.7+git.0.b48d0bb-1.1.x86_64",
"openSUSE Tumbleweed:himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.aarch64",
"openSUSE Tumbleweed:himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"openSUSE Tumbleweed:himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.s390x",
"openSUSE Tumbleweed:himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.x86_64",
"openSUSE Tumbleweed:himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.aarch64",
"openSUSE Tumbleweed:himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"openSUSE Tumbleweed:himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.s390x",
"openSUSE Tumbleweed:himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.x86_64",
"openSUSE Tumbleweed:libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.aarch64",
"openSUSE Tumbleweed:libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"openSUSE Tumbleweed:libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.s390x",
"openSUSE Tumbleweed:libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.x86_64",
"openSUSE Tumbleweed:pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.aarch64",
"openSUSE Tumbleweed:pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"openSUSE Tumbleweed:pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.s390x",
"openSUSE Tumbleweed:pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:himmelblau-0.7.7+git.0.b48d0bb-1.1.aarch64",
"openSUSE Tumbleweed:himmelblau-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"openSUSE Tumbleweed:himmelblau-0.7.7+git.0.b48d0bb-1.1.s390x",
"openSUSE Tumbleweed:himmelblau-0.7.7+git.0.b48d0bb-1.1.x86_64",
"openSUSE Tumbleweed:himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.aarch64",
"openSUSE Tumbleweed:himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"openSUSE Tumbleweed:himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.s390x",
"openSUSE Tumbleweed:himmelblau-sshd-config-0.7.7+git.0.b48d0bb-1.1.x86_64",
"openSUSE Tumbleweed:himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.aarch64",
"openSUSE Tumbleweed:himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"openSUSE Tumbleweed:himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.s390x",
"openSUSE Tumbleweed:himmelblau-sso-0.7.7+git.0.b48d0bb-1.1.x86_64",
"openSUSE Tumbleweed:libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.aarch64",
"openSUSE Tumbleweed:libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"openSUSE Tumbleweed:libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.s390x",
"openSUSE Tumbleweed:libnss_himmelblau2-0.7.7+git.0.b48d0bb-1.1.x86_64",
"openSUSE Tumbleweed:pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.aarch64",
"openSUSE Tumbleweed:pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.ppc64le",
"openSUSE Tumbleweed:pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.s390x",
"openSUSE Tumbleweed:pam-himmelblau-0.7.7+git.0.b48d0bb-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-11738"
}
]
}
MSRC_CVE-2024-11738
Vulnerability from csaf_microsoft - Published: 2024-12-02 00:00 - Updated: 2026-02-21 02:21Summary
Rustls: rustls network-reachable panic in `acceptor::accept`
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
5.3 (Medium)
Vendor Fix
1.86.0-6:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
https://learn.microsoft.com/en-us/azure/azure-lin…
Vendor Fix
1.86.0-5:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
https://learn.microsoft.com/en-us/azure/azure-lin…
References
| URL | Category | |
|---|---|---|
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2024-11738 Rustls: rustls network-reachable panic in `acceptor::accept` - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-11738.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Rustls: rustls network-reachable panic in `acceptor::accept`",
"tracking": {
"current_release_date": "2026-02-21T02:21:25.000Z",
"generator": {
"date": "2026-02-21T03:50:09.551Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2024-11738",
"initial_release_date": "2024-12-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-09-03T22:13:58.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-02-21T02:21:25.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 rust 1.86.0-6",
"product": {
"name": "\u003cazl3 rust 1.86.0-6",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 rust 1.86.0-6",
"product": {
"name": "azl3 rust 1.86.0-6",
"product_id": "20424"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 rust 1.86.0-4",
"product": {
"name": "\u003cazl3 rust 1.86.0-4",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 rust 1.86.0-4",
"product": {
"name": "azl3 rust 1.86.0-4",
"product_id": "20141"
}
}
],
"category": "product_name",
"name": "rust"
},
{
"category": "product_name",
"name": "azl3 rust 1.75.0-14",
"product": {
"name": "azl3 rust 1.75.0-14",
"product_id": "3"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 rust 1.75.0-14 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 rust 1.86.0-6 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 rust 1.86.0-6 as a component of Azure Linux 3.0",
"product_id": "20424-17084"
},
"product_reference": "20424",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 rust 1.86.0-4 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 rust 1.86.0-4 as a component of Azure Linux 3.0",
"product_id": "20141-17084"
},
"product_reference": "20141",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-11738",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-3"
]
}
],
"notes": [
{
"category": "general",
"text": "redhat",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20424-17084",
"20141-17084"
],
"known_affected": [
"17084-1",
"17084-2"
],
"known_not_affected": [
"17084-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-11738 Rustls: rustls network-reachable panic in `acceptor::accept` - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-11738.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-03T22:13:58.000Z",
"details": "1.86.0-6:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-09-03T22:13:58.000Z",
"details": "1.86.0-5:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"17084-1",
"17084-2"
]
}
],
"title": "Rustls: rustls network-reachable panic in `acceptor::accept`"
}
]
}
SUSE-SU-2026:1361-1
Vulnerability from csaf_suse - Published: 2026-04-15 14:14 - Updated: 2026-04-15 14:14Summary
Security update for himmelblau
Severity
Important
Notes
Title of the patch: Security update for himmelblau
Description of the patch: This update for himmelblau fixes the following issues:
Update to version 2.3.9+git0.a9fd29b; (jsc#PED-14511):
- CVE-2026-34397: Fix LPE due to name collision during NSS fake-primary group lookup (bsc#1261324).
- CVE-2026-31979: Fix race condition when accessiung /tmp/krb5cc_uid (bsc#1259548).
- CVE-2026-25727: deps(rust): Bump the `all-cargo-updates` group with 8 updates (bsc#1257904).
- CVE-2025-58160: deps(rust): Bump `tracing-subscriber` in the cargo group (bsc#1249013).
- CVE-2025-54882: Fix Kerberos credential cache permissions (bsc#1247735).
- CVE-2025-53013: Fix permitted authentication with invalid Hello PIN (bsc#1245437).
- CVE-2024-11738: Fix `rustls` network-reachable panic in `Acceptor::accept` (bsc#1233949).
Other bug fixes:
- Fix SELinux module packaging to use standard policy macros (bsc#1258236).
Patchnames: SUSE-2026-1361,SUSE-SLE-Module-Basesystem-15-SP7-2026-1361
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.2 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for himmelblau",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for himmelblau fixes the following issues:\n\nUpdate to version 2.3.9+git0.a9fd29b; (jsc#PED-14511):\n\n- CVE-2026-34397: Fix LPE due to name collision during NSS fake-primary group lookup (bsc#1261324).\n- CVE-2026-31979: Fix race condition when accessiung /tmp/krb5cc_uid (bsc#1259548).\n- CVE-2026-25727: deps(rust): Bump the `all-cargo-updates` group with 8 updates (bsc#1257904).\n- CVE-2025-58160: deps(rust): Bump `tracing-subscriber` in the cargo group (bsc#1249013).\n- CVE-2025-54882: Fix Kerberos credential cache permissions (bsc#1247735).\n- CVE-2025-53013: Fix permitted authentication with invalid Hello PIN (bsc#1245437).\n- CVE-2024-11738: Fix `rustls` network-reachable panic in `Acceptor::accept` (bsc#1233949).\n\nOther bug fixes:\n\n- Fix SELinux module packaging to use standard policy macros (bsc#1258236).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1361,SUSE-SLE-Module-Basesystem-15-SP7-2026-1361",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1361-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1361-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261361-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1361-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045555.html"
},
{
"category": "self",
"summary": "SUSE Bug 1233949",
"url": "https://bugzilla.suse.com/1233949"
},
{
"category": "self",
"summary": "SUSE Bug 1245437",
"url": "https://bugzilla.suse.com/1245437"
},
{
"category": "self",
"summary": "SUSE Bug 1247735",
"url": "https://bugzilla.suse.com/1247735"
},
{
"category": "self",
"summary": "SUSE Bug 1249013",
"url": "https://bugzilla.suse.com/1249013"
},
{
"category": "self",
"summary": "SUSE Bug 1257904",
"url": "https://bugzilla.suse.com/1257904"
},
{
"category": "self",
"summary": "SUSE Bug 1258236",
"url": "https://bugzilla.suse.com/1258236"
},
{
"category": "self",
"summary": "SUSE Bug 1259548",
"url": "https://bugzilla.suse.com/1259548"
},
{
"category": "self",
"summary": "SUSE Bug 1261324",
"url": "https://bugzilla.suse.com/1261324"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-11738 page",
"url": "https://www.suse.com/security/cve/CVE-2024-11738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-53013 page",
"url": "https://www.suse.com/security/cve/CVE-2025-53013/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54882 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58160 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31979 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34397 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34397/"
}
],
"title": "Security update for himmelblau",
"tracking": {
"current_release_date": "2026-04-15T14:14:00Z",
"generator": {
"date": "2026-04-15T14:14:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1361-1",
"initial_release_date": "2026-04-15T14:14:00Z",
"revision_history": [
{
"date": "2026-04-15T14:14:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"product": {
"name": "himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"product_id": "himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "himmelblau-sso-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"product": {
"name": "himmelblau-sso-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"product_id": "himmelblau-sso-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"product": {
"name": "libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"product_id": "libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"product": {
"name": "pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"product_id": "pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "himmelblau-qr-greeter-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"product": {
"name": "himmelblau-qr-greeter-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"product_id": "himmelblau-qr-greeter-2.3.9+git0.a9fd29b-150700.3.15.1.noarch"
}
},
{
"category": "product_version",
"name": "himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"product": {
"name": "himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"product_id": "himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"product": {
"name": "himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"product_id": "himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "himmelblau-sso-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"product": {
"name": "himmelblau-sso-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"product_id": "himmelblau-sso-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"product": {
"name": "libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"product_id": "libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"product": {
"name": "pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"product_id": "pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64"
},
"product_reference": "himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
},
"product_reference": "himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch"
},
"product_reference": "himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64"
},
"product_reference": "libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
},
"product_reference": "libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64"
},
"product_reference": "pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
},
"product_reference": "pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-11738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-11738"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-11738",
"url": "https://www.suse.com/security/cve/CVE-2024-11738"
},
{
"category": "external",
"summary": "SUSE Bug 1233897 for CVE-2024-11738",
"url": "https://bugzilla.suse.com/1233897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T14:14:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-11738"
},
{
"cve": "CVE-2025-53013",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-53013"
}
],
"notes": [
{
"category": "general",
"text": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an *invalid* Linux Hello PIN, provided the host is offline. While the user gains access to the local system, Single Sign-On (SSO) fails due to the network being down and the inability to issue tokens (due to a failure to unlock the Hello key). The core issue lies in an incorrect assumption within the `acquire_token_by_hello_for_business_key` function: it was expected to return a `TPMFail` error for an invalid Hello key when offline, but instead, a preceding nonce request resulted in a `RequestFailed` error, leading the system to erroneously transition to an offline success state without validating the Hello key unlock. This impacts systems using Himmelblau for authentication when operating in an offline state with Hello PIN authentication enabled. Rocky Linux 8 (and variants) are not affected by this vulnerability. The problem is resolved in Himmelblau version 0.9.17. A workaround is available for users who cannot immediately upgrade. Disabling Hello PIN authentication by setting `enable_hello = false` in `/etc/himmelblau/himmelblau.conf` will mitigate the vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-53013",
"url": "https://www.suse.com/security/cve/CVE-2025-53013"
},
{
"category": "external",
"summary": "SUSE Bug 1245437 for CVE-2025-53013",
"url": "https://bugzilla.suse.com/1245437"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T14:14:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-53013"
},
{
"cve": "CVE-2025-54882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54882"
}
],
"notes": [
{
"category": "general",
"text": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials are stored as world readable. This is fixed in versions 0.9.22 and 1.2.0. To work around this issue, remove all read access to Himmelblau caches for all users except for owners.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54882",
"url": "https://www.suse.com/security/cve/CVE-2025-54882"
},
{
"category": "external",
"summary": "SUSE Bug 1247735 for CVE-2025-54882",
"url": "https://bugzilla.suse.com/1247735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T14:14:00Z",
"details": "important"
}
],
"title": "CVE-2025-54882"
},
{
"cve": "CVE-2025-58160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58160"
}
],
"notes": [
{
"category": "general",
"text": "tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to manipulate terminal title bars, clear screens or modify terminal display, and potentially mislead users through terminal manipulation. tracing-subscriber version 0.3.20 fixes this vulnerability by escaping ANSI control characters when writing events to destinations that may be printed to the terminal. A workaround involves avoiding printing logs to terminal emulators without escaping ANSI control sequences.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58160",
"url": "https://www.suse.com/security/cve/CVE-2025-58160"
},
{
"category": "external",
"summary": "SUSE Bug 1249007 for CVE-2025-58160",
"url": "https://bugzilla.suse.com/1249007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T14:14:00Z",
"details": "low"
}
],
"title": "CVE-2025-58160"
},
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T14:14:00Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
},
{
"cve": "CVE-2026-31979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31979"
}
],
"notes": [
{
"category": "general",
"text": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc_\u003cuid\u003e without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the tasks daemon\u0027s systemd hardening, exposing it to the host /tmp. A local user can exploit this via symlink attacks to chown or overwrite arbitrary files, achieving local privilege escalation. This vulnerability is fixed in 3.1.0 and 2.3.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31979",
"url": "https://www.suse.com/security/cve/CVE-2026-31979"
},
{
"category": "external",
"summary": "SUSE Bug 1259548 for CVE-2026-31979",
"url": "https://bugzilla.suse.com/1259548"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T14:14:00Z",
"details": "important"
}
],
"title": "CVE-2026-31979"
},
{
"cve": "CVE-2026-34397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34397"
}
],
"notes": [
{
"category": "general",
"text": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escalation vulnerability in an edge-case naming collision. Only authenticated himmelblau users whose mapped CN/short name exactly matches a privileged local group name (e.g., \"sudo\", \"wheel\", \"docker\", \"adm\") can cause the NSS module to resolve that group name to their fake primary group. If the system uses NSS results for group-based authorization decisions (sudo, polkit, etc.), this can grant the attacker the privileges of that group. This issue has been patched in versions 2.3.9 and 3.1.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34397",
"url": "https://www.suse.com/security/cve/CVE-2026-34397"
},
{
"category": "external",
"summary": "SUSE Bug 1261324 for CVE-2026-34397",
"url": "https://bugzilla.suse.com/1261324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:himmelblau-sshd-config-2.3.9+git0.a9fd29b-150700.3.15.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libnss_himmelblau2-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:pam-himmelblau-2.3.9+git0.a9fd29b-150700.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-15T14:14:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-34397"
}
]
}
rustsec-2024-0399
Vulnerability from osv_rustsec
Published
2024-11-22 12:00
Modified
2025-10-28 06:02
Summary
rustls network-reachable panic in `Acceptor::accept`
Details
A bug introduced in rustls 0.23.13 leads to a panic if the received
TLS ClientHello is fragmented. Only servers that use
rustls::server::Acceptor::accept() are affected.
Servers that use tokio-rustls's LazyConfigAcceptor API are affected.
Servers that use tokio-rustls's TlsAcceptor API are not affected.
Servers that use rustls-ffi's rustls_acceptor_accept API are affected.
References
| URL | Type | |
|---|---|---|
{
"affected": [
{
"database_specific": {
"categories": [
"denial-of-service"
],
"cvss": null,
"informational": null
},
"ecosystem_specific": {
"affected_functions": null,
"affects": {
"arch": [],
"functions": [],
"os": []
}
},
"package": {
"ecosystem": "crates.io",
"name": "rustls",
"purl": "pkg:cargo/rustls"
},
"ranges": [
{
"events": [
{
"introduced": "0.23.0"
},
{
"fixed": "0.23.0"
},
{
"introduced": "0.23.13"
},
{
"fixed": "0.23.18"
}
],
"type": "SEMVER"
}
],
"versions": []
}
],
"aliases": [
"CVE-2024-11738",
"GHSA-qg5g-gv98-5ffh"
],
"database_specific": {
"license": "CC0-1.0"
},
"details": "A bug introduced in rustls 0.23.13 leads to a panic if the received\nTLS ClientHello is fragmented. Only servers that use\n`rustls::server::Acceptor::accept()` are affected.\n\nServers that use `tokio-rustls`\u0027s `LazyConfigAcceptor` API are affected.\n\nServers that use `tokio-rustls`\u0027s `TlsAcceptor` API are not affected.\n\nServers that use `rustls-ffi`\u0027s `rustls_acceptor_accept` API are affected.",
"id": "RUSTSEC-2024-0399",
"modified": "2025-10-28T06:02:18Z",
"published": "2024-11-22T12:00:00Z",
"references": [
{
"type": "PACKAGE",
"url": "https://crates.io/crates/rustls"
},
{
"type": "ADVISORY",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0399.html"
},
{
"type": "REPORT",
"url": "https://github.com/rustls/rustls/issues/2227"
}
],
"related": [],
"severity": [],
"summary": "rustls network-reachable panic in `Acceptor::accept`"
}
WID-SEC-W-2025-0686
Vulnerability from csaf_certbund - Published: 2025-04-02 22:00 - Updated: 2025-04-02 22:00Summary
IBM DataPower Gateway: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Das DataPower Gateway ist eine Software zur Unterstützung von Unternehmen bei der Erfüllung der Sicherheits- und Integrationsanforderungen.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM DataPower Gateway ausnutzen, um einen Denial of Service Angriff durchzuführen, oder seine Privilegien zu erweitern.
Betroffene Betriebssysteme: - Linux
- UNIX
References
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das DataPower Gateway ist eine Software zur Unterst\u00fctzung von Unternehmen bei der Erf\u00fcllung der Sicherheits- und Integrationsanforderungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM DataPower Gateway ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, oder seine Privilegien zu erweitern.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0686 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0686.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0686 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0686"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-04-02",
"url": "https://www.ibm.com/support/pages/node/7229938"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-04-02",
"url": "https://www.ibm.com/support/pages/node/7229939"
}
],
"source_lang": "en-US",
"title": "IBM DataPower Gateway: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-02T22:00:00.000+00:00",
"generator": {
"date": "2025-04-03T08:44:46.510+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0686",
"initial_release_date": "2025-04-02T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-02T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.6.3",
"product": {
"name": "IBM DataPower Gateway \u003c10.6.3",
"product_id": "T042328"
}
},
{
"category": "product_version",
"name": "10.6.3",
"product": {
"name": "IBM DataPower Gateway 10.6.3",
"product_id": "T042328-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:10.6.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.5.0.16",
"product": {
"name": "IBM DataPower Gateway \u003c10.5.0.16",
"product_id": "T042329"
}
},
{
"category": "product_version",
"name": "10.5.0.16",
"product": {
"name": "IBM DataPower Gateway 10.5.0.16",
"product_id": "T042329-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:10.5.0.16"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.6.0.4",
"product": {
"name": "IBM DataPower Gateway \u003c10.6.0.4",
"product_id": "T042330"
}
},
{
"category": "product_version",
"name": "10.6.0.4",
"product": {
"name": "IBM DataPower Gateway 10.6.0.4",
"product_id": "T042330-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:10.6.0.4"
}
}
}
],
"category": "product_name",
"name": "DataPower Gateway"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-11738",
"product_status": {
"known_affected": [
"T042328",
"T042329",
"T042330"
]
},
"release_date": "2025-04-02T22:00:00.000+00:00",
"title": "CVE-2024-11738"
},
{
"cve": "CVE-2024-12224",
"product_status": {
"known_affected": [
"T042328",
"T042329",
"T042330"
]
},
"release_date": "2025-04-02T22:00:00.000+00:00",
"title": "CVE-2024-12224"
}
]
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…