CVE-2025-58056 (GCVE-0-2025-58056)
Vulnerability from cvelistv5 – Published: 2025-09-03 20:56 – Updated: 2025-09-05 18:41 – CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
| URL | Tags |
|---|---|
| https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49 | x_refsource_CONFIRM |
| https://github.com/JLLeitschuh/unCVEed/issues/1 | x_refsource_MISC |
| https://github.com/netty/netty/issues/15522 | x_refsource_MISC |
| https://github.com/netty/netty/pull/15611 | x_refsource_MISC |
| https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284 | x_refsource_MISC |
| https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding | x_refsource_MISC |
| https://w4ke.info/2025/06/18/funky-chunks.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58056",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-04T19:09:52.390986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-04T19:11:36.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "netty",
"vendor": "netty",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.2.0.Alpha3, \u003c 4.2.5.Final"
},
{
"status": "affected",
"version": "\u003c= 4.1.124.Final, \u003c 4.1.125.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a chunk-size line terminator, regardless of a preceding carriage return (CR), instead of requiring CRLF per HTTP/1.1 standards. When combined with reverse proxies that parse LF differently (treating it as part of the chunk extension), attackers can craft requests that the proxy sees as one request but Netty processes as two, enabling request smuggling attacks. This is fixed in versions 4.1.125.Final and 4.2.5.Final."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.9,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-05T18:41:21.428Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49"
},
{
"name": "https://github.com/JLLeitschuh/unCVEed/issues/1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JLLeitschuh/unCVEed/issues/1"
},
{
"name": "https://github.com/netty/netty/issues/15522",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/issues/15522"
},
{
"name": "https://github.com/netty/netty/pull/15611",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/pull/15611"
},
{
"name": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284"
},
{
"name": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding",
"tags": [
"x_refsource_MISC"
],
"url": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding"
},
{
"name": "https://w4ke.info/2025/06/18/funky-chunks.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://w4ke.info/2025/06/18/funky-chunks.html"
}
],
"source": {
"advisory": "GHSA-fghv-69vj-qj49",
"discovery": "UNKNOWN"
},
"title": "Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-58056",
"datePublished": "2025-09-03T20:56:50.732Z",
"dateReserved": "2025-08-22T14:30:32.221Z",
"dateUpdated": "2025-09-05T18:41:21.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-58056",
"date": "2026-06-04",
"epss": "0.00097",
"percentile": "0.26713"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-58056\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-09-03T21:15:33.070\",\"lastModified\":\"2025-09-08T16:46:36.847\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a chunk-size line terminator, regardless of a preceding carriage return (CR), instead of requiring CRLF per HTTP/1.1 standards. When combined with reverse proxies that parse LF differently (treating it as part of the chunk extension), attackers can craft requests that the proxy sees as one request but Netty processes as two, enabling request smuggling attacks. This is fixed in versions 4.1.125.Final and 4.2.5.Final.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":2.9,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequire
ments\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.125\",\"matchCriteriaId\":\"91C23E45-E625-4679-8474-298E01E084C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2.0\",\"versionEndExcluding\":\"4.2.5\",\"matchCriteriaId\":\"E6E1F3B6-A0E5-41A0-B7A3-938909C8C705\"}]}]}],\"references\":[{\"url\":\"https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Technical 
Description\"]},{\"url\":\"https://github.com/JLLeitschuh/unCVEed/issues/1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/netty/netty/issues/15522\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/netty/netty/pull/15611\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://w4ke.info/2025/06/18/funky-chunks.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Broken Link\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-58056\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-04T19:09:52.390986Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-04T19:10:33.930Z\"}}], \"cna\": {\"title\": \"Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions\", \"source\": {\"advisory\": \"GHSA-fghv-69vj-qj49\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 2.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"netty\", \"product\": \"netty\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 4.2.0.Alpha3, \u003c 4.2.5.Final\"}, {\"status\": \"affected\", \"version\": \"\u003c= 4.1.124.Final, \u003c 4.1.125.Final\"}]}], \"references\": [{\"url\": \"https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49\", \"name\": \"https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/JLLeitschuh/unCVEed/issues/1\", \"name\": \"https://github.com/JLLeitschuh/unCVEed/issues/1\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": 
\"https://github.com/netty/netty/issues/15522\", \"name\": \"https://github.com/netty/netty/issues/15522\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/netty/netty/pull/15611\", \"name\": \"https://github.com/netty/netty/pull/15611\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284\", \"name\": \"https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding\", \"name\": \"https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://w4ke.info/2025/06/18/funky-chunks.html\", \"name\": \"https://w4ke.info/2025/06/18/funky-chunks.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a chunk-size line terminator, regardless of a preceding carriage return (CR), instead of requiring CRLF per HTTP/1.1 standards. When combined with reverse proxies that parse LF differently (treating it as part of the chunk extension), attackers can craft requests that the proxy sees as one request but Netty processes as two, enabling request smuggling attacks. 
This is fixed in versions 4.1.125.Final and 4.2.5.Final.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-444\", \"description\": \"CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-09-05T18:41:21.428Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-58056\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-05T18:41:21.428Z\", \"dateReserved\": \"2025-08-22T14:30:32.221Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-09-03T20:56:50.732Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2025:18028
Vulnerability from csaf_redhat - Published: 2025-10-14 17:59 - Updated: 2026-05-06 14:50 - A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10<br>Red Hat / Red Hat Build of Apache Camel | cpe:/a:redhat:apache_camel_spring_boot:4.10 | — | Vendor Fix (fix) |
The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization bypass.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10<br>Red Hat / Red Hat Build of Apache Camel | cpe:/a:redhat:apache_camel_spring_boot:4.10 | — | Vendor Fix (fix)<br>Workaround |
The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10<br>Red Hat / Red Hat Build of Apache Camel | cpe:/a:redhat:apache_camel_spring_boot:4.10 | — | Vendor Fix (fix)<br>Workaround |
A flaw in Netty’s HTTP/1.1 chunked encoding parser allows newline (LF) characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same input differently, potentially enabling HTTP request smuggling attacks such as bypassing access controls or corrupting responses.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10<br>Red Hat / Red Hat Build of Apache Camel | cpe:/a:redhat:apache_camel_spring_boot:4.10 | — | Vendor Fix (fix)<br>Workaround |
In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically substituted with their actual values during processing. This unintended behavior could lead to the exposure of sensitive information, including credentials, file paths, or system configuration details, if such references were present in XML content from untrusted sources. Attackers could craft malicious XML inputs to extract sensitive data from the system's properties or environment variables, potentially compromising security in applications relying on minio-java for object storage operations.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10<br>Red Hat / Red Hat Build of Apache Camel | cpe:/a:redhat:apache_camel_spring_boot:4.10 | — | Vendor Fix (fix)<br>Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat build of Apache Camel 4.10.7 for Spring Boot patch release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat build of Apache Camel 4.10.7 for Spring Boot patch release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues\nfixed.\n\nSecurity Fix(es):\n \n* spring-security-core: Spring Security authorization bypass (CVE-2025-41248)\n\n* spring-core: Spring Framework Annotation Detection Vulnerability (CVE-2025-41249)\n\n* spring-core-test: Spring Framework Annotation Detection Vulnerability (CVE-2025-41249)\n\n* org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability (CVE-2025-41249)\n\n* org.eclipse.jgit: XXE vulnerability in Eclipse JGit (CVE-2025-4949)\n\n* netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions (CVE-2025-58056)\n\n* netty-codec-http2: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions (CVE-2025-58056)\n\n* minio: minio-java Client XML Tag is Vulnerable to Value Substitution (CVE-2025-59952)\n\n* io.minio/minio: minio-java Client XML Tag is Vulnerable to Value Substitution (CVE-2025-59952)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:18028",
"url": "https://access.redhat.com/errata/RHSA-2025:18028"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "2392996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
},
{
"category": "external",
"summary": "2395723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395723"
},
{
"category": "external",
"summary": "2395725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395725"
},
{
"category": "external",
"summary": "2400380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400380"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_18028.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.7 for Spring Boot release.",
"tracking": {
"current_release_date": "2026-05-06T14:50:18+00:00",
"generator": {
"date": "2026-05-06T14:50:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2025:18028",
"initial_release_date": "2025-10-14T17:59:03+00:00",
"revision_history": [
{
"date": "2025-10-14T17:59:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-14T17:59:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-06T14:50:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10",
"product": {
"name": "Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10",
"product_id": "Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:apache_camel_spring_boot:4.10"
}
}
}
],
"category": "product_family",
"name": "Red Hat Build of Apache Camel"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4949",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-05-21T07:00:48.762597+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367730"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Eclipse JGit allows for XML External Entity (XXE) attacks when parsing specially crafted XML files. This can lead to local denial of service in affected Red Hat products that utilize JGit\u0027s ManifestParser or AmazonS3 class for git transport. The current 9.8 rating by NVD assumes a default, server-side exploitation path. However, the vulnerability resides in the experimental AmazonS3 transport class within Eclipse JGit, which is not enabled by default and requires non-standard configuration (Attack Complexity: High). Furthermore, exploitation typically occurs via client-side tools (e.g., repo) requiring active user participation (User Interaction: Required), limiting the primary risk to local Denial of Service rather than remote, unauthenticated compromise (Availability: High).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4949"
},
{
"category": "external",
"summary": "RHBZ#2367730",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367730"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4949",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4949"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64",
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/64"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281"
},
{
"category": "external",
"summary": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1",
"url": "https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1"
}
],
"release_date": "2025-05-21T06:47:19.777000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-14T17:59:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18028"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.eclipse.jgit: XXE vulnerability in Eclipse JGit"
},
{
"cve": "CVE-2025-41248",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2025-09-16T11:00:42.699993+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395723"
}
],
"notes": [
{
"category": "description",
"text": "The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.springframework.security/spring-security-core: Spring Security authorization bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-41248"
},
{
"category": "external",
"summary": "RHBZ#2395723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395723"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-41248",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41248"
},
{
"category": "external",
"summary": "https://github.com/spring-projects/spring-security/issues/17898",
"url": "https://github.com/spring-projects/spring-security/issues/17898"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2025-41248",
"url": "https://spring.io/security/cve-2025-41248"
}
],
"release_date": "2025-09-16T10:10:59.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-14T17:59:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18028"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.springframework.security/spring-security-core: Spring Security authorization bypass"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2025-09-16T11:00:49.967990+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395725"
}
],
"notes": [
{
"category": "description",
"text": "The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-41249"
},
{
"category": "external",
"summary": "RHBZ#2395725",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395725"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-41249",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41249"
},
{
"category": "external",
"summary": "https://github.com/spring-projects/spring-framework/issues/35342",
"url": "https://github.com/spring-projects/spring-framework/issues/35342"
},
{
"category": "external",
"summary": "https://spring.io/security/cve-2025-41249",
"url": "https://spring.io/security/cve-2025-41249"
}
],
"release_date": "2025-09-16T10:15:34.118000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-14T17:59:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18028"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.springframework/spring-core: Spring Framework Annotation Detection Vulnerability"
},
{
"cve": "CVE-2025-58056",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-09-03T21:01:22.935850+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392996"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in Netty\u2019s HTTP/1.1 chunked encoding parser allows newline (LF) characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same input differently, potentially enabling HTTP request smuggling attacks such as bypassing access controls or corrupting responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is considered Moderate rather than Important because successful exploitation depends on a very specific deployment condition: the presence of an intermediary reverse proxy that both mishandles lone LF characters in chunk extensions and forwards them unmodified to Netty. By itself, Netty\u2019s parsing quirk does not introduce risk, and in most real-world environments, reverse proxies normalize or reject malformed chunked requests, preventing smuggling. As a result, the vulnerability has limited reach, requires a niche configuration to be exploitable, and does not universally expose Netty-based servers to request smuggling\u2014hence it is rated moderate in severity rather than important or critical.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58056"
},
{
"category": "external",
"summary": "RHBZ#2392996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding",
"url": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding"
},
{
"category": "external",
"summary": "https://github.com/JLLeitschuh/unCVEed/issues/1",
"url": "https://github.com/JLLeitschuh/unCVEed/issues/1"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284",
"url": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/issues/15522",
"url": "https://github.com/netty/netty/issues/15522"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/pull/15611",
"url": "https://github.com/netty/netty/pull/15611"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49",
"url": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49"
},
{
"category": "external",
"summary": "https://w4ke.info/2025/06/18/funky-chunks.html",
"url": "https://w4ke.info/2025/06/18/funky-chunks.html"
}
],
"release_date": "2025-09-03T20:56:50.732000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-14T17:59:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18028"
},
{
"category": "workaround",
"details": "To mitigate this issue, enforce strict RFC compliance on all front-end proxies and load balancers so that lone LF characters in chunk extensions are rejected or normalized before being forwarded. Additionally, configure input validation at the application or proxy layer to block malformed chunked requests, ensuring consistent parsing across all components in the request path.",
"product_ids": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions"
},
{
"cve": "CVE-2025-59952",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2025-09-30T00:01:08.819825+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2400380"
}
],
"notes": [
{
"category": "description",
"text": "In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically substituted with their actual values during processing. This unintended behavior could lead to the exposure of sensitive information, including credentials, file paths, or system configuration details, if such references were present in XML content from untrusted sources. Attackers could craft malicious XML inputs to extract sensitive data from the system\u0027s properties or environment variables, potentially compromising security in applications relying on minio-java for object storage operations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.minio/minio: minio-java Client XML Tag is Vulnerable to Value Substitution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59952"
},
{
"category": "external",
"summary": "RHBZ#2400380",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400380"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59952",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59952"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59952",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59952"
},
{
"category": "external",
"summary": "https://github.com/minio/minio-java/releases/tag/8.6.0",
"url": "https://github.com/minio/minio-java/releases/tag/8.6.0"
},
{
"category": "external",
"summary": "https://github.com/minio/minio-java/security/advisories/GHSA-h7rh-xfpj-hpcm",
"url": "https://github.com/minio/minio-java/security/advisories/GHSA-h7rh-xfpj-hpcm"
}
],
"release_date": "2025-09-29T23:32:33.994000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-14T17:59:03+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18028"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat build of Apache Camel 4.10.7 for Spring Boot 3.4.10"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "io.minio/minio: minio-java Client XML Tag is Vulnerable to Value Substitution"
}
]
}
RHSA-2025:18076
Vulnerability from csaf_redhat - Published: 2025-10-15 09:14 - Updated: 2026-03-24 13:15
A flaw in Netty’s HTTP/1.1 chunked encoding parser allows newline (LF) characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same input differently, potentially enabling HTTP request smuggling attacks such as bypassing access controls or corrupting responses.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Build of Apache Camel 4.10 for Quarkus 3.20 (Red Hat / Red Hat Build of Apache Camel) | cpe:/a:redhat:apache_camel_quarkus:3.20 | — | Vendor Fix (fix), Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Build of Apache Camel 4.10 for Quarkus 3.20 is now available (RHBQ 3.20.3.GA).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products.\nRed Hat Product Security has rated this update as having a security impact of Moderate.",
"title": "Topic"
},
{
"category": "general",
"text": "An update for Red Hat Build of Apache Camel 4.10 for Quarkus 3.20 is now available (RHBQ 3.20.3.GA).\nThe purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products:\n* netty-codec-http2: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions (CVE-2025-58056)\n* netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions (CVE-2025-58056)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:18076",
"url": "https://access.redhat.com/errata/RHSA-2025:18076"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58056",
"url": "https://access.redhat.com/security/cve/CVE-2025-58056"
},
{
"category": "external",
"summary": "2392996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_18076.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10 for Quarkus 3.20 update is now available (RHBQ 3.20.3.GA)",
"tracking": {
"current_release_date": "2026-03-24T13:15:32+00:00",
"generator": {
"date": "2026-03-24T13:15:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:18076",
"initial_release_date": "2025-10-15T09:14:18+00:00",
"revision_history": [
{
"date": "2025-10-15T09:14:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-10-15T09:14:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-24T13:15:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Build of Apache Camel 4.10 for Quarkus 3.20",
"product": {
"name": "Red Hat Build of Apache Camel 4.10 for Quarkus 3.20",
"product_id": "Red Hat Build of Apache Camel 4.10 for Quarkus 3.20",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:apache_camel_quarkus:3.20"
}
}
}
],
"category": "product_family",
"name": "Red Hat Build of Apache Camel"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58056",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-09-03T21:01:22.935850+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392996"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in Netty\u2019s HTTP/1.1 chunked encoding parser allows newline (LF) characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same input differently, potentially enabling HTTP request smuggling attacks such as bypassing access controls or corrupting responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is considered Moderate rather than Important because successful exploitation depends on a very specific deployment condition: the presence of an intermediary reverse proxy that both mishandles lone LF characters in chunk extensions and forwards them unmodified to Netty. By itself, Netty\u2019s parsing quirk does not introduce risk, and in most real-world environments, reverse proxies normalize or reject malformed chunked requests, preventing smuggling. As a result, the vulnerability has limited reach, requires a niche configuration to be exploitable, and does not universally expose Netty-based servers to request smuggling\u2014hence it is rated moderate in severity rather than important or critical.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Build of Apache Camel 4.10 for Quarkus 3.20"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58056"
},
{
"category": "external",
"summary": "RHBZ#2392996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding",
"url": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding"
},
{
"category": "external",
"summary": "https://github.com/JLLeitschuh/unCVEed/issues/1",
"url": "https://github.com/JLLeitschuh/unCVEed/issues/1"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284",
"url": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/issues/15522",
"url": "https://github.com/netty/netty/issues/15522"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/pull/15611",
"url": "https://github.com/netty/netty/pull/15611"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49",
"url": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49"
},
{
"category": "external",
"summary": "https://w4ke.info/2025/06/18/funky-chunks.html",
"url": "https://w4ke.info/2025/06/18/funky-chunks.html"
}
],
"release_date": "2025-09-03T20:56:50.732000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-10-15T09:14:18+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat Build of Apache Camel 4.10 for Quarkus 3.20"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:18076"
},
{
"category": "workaround",
"details": "To mitigate this issue, enforce strict RFC compliance on all front-end proxies and load balancers so that lone LF characters in chunk extensions are rejected or normalized before being forwarded. Additionally, configure input validation at the application or proxy layer to block malformed chunked requests, ensuring consistent parsing across all components in the request path.",
"product_ids": [
"Red Hat Build of Apache Camel 4.10 for Quarkus 3.20"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Build of Apache Camel 4.10 for Quarkus 3.20"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions"
}
]
}
RHSA-2025:21148
Vulnerability from csaf_redhat - Published: 2025-11-25 02:09 - Updated: 2026-05-29 11:29
A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64 | — |
Vendor Fix
fix
|
A flaw in Netty’s HTTP/1.1 chunked encoding parser allows newline (LF) characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same input differently, potentially enabling HTTP request smuggling attacks such as bypassing access controls or corrupting responses.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "New Red Hat build of Cryostat 4.1.0 on RHEL 9 container images are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Cryostat 4 on RHEL 9 container images have been updated to fix several bugs.\n\nUsers of Cryostat 4 on RHEL 9 container images are advised to upgrade to these updated images, which contain backported patches to fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nSecurity Fix(es):\n\n* database/sql: Postgres Scan Race Condition (CVE-2025-47907)\n* netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions (CVE-2025-58056)\n\nYou can find images updated by this advisory in the Red Hat Container Catalog (see the References section).",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:21148",
"url": "https://access.redhat.com/errata/RHSA-2025:21148"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2387083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387083"
},
{
"category": "external",
"summary": "2392996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_21148.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Cryostat 4.1.0: new RHEL 9 container image security update",
"tracking": {
"current_release_date": "2026-05-29T11:29:03+00:00",
"generator": {
"date": "2026-05-29T11:29:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:21148",
"initial_release_date": "2025-11-25T02:09:04+00:00",
"revision_history": [
{
"date": "2025-11-25T02:09:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-25T02:09:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-29T11:29:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cryostat 4 on RHEL 9",
"product": {
"name": "Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cryostat:4::el9"
}
}
}
],
"category": "product_family",
"name": "Cryostat"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
"product": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
"product_id": "cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-agent-init-rhel9\u0026tag=0.6.0-11"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
"product": {
"name": "cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
"product_id": "cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-db-rhel9\u0026tag=4.1.0-11"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
"product": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
"product_id": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-grafana-dashboard-rhel9\u0026tag=4.1.0-11"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
"product": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
"product_id": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-openshift-console-plugin-rhel9\u0026tag=4.1.0-11"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
"product": {
"name": "cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
"product_id": "cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-reports-rhel9\u0026tag=4.1.0-11"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
"product": {
"name": "cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
"product_id": "cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9\u0026tag=4.1.0-11"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
"product": {
"name": "cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
"product_id": "cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-operator-bundle\u0026tag=4.1.0-11"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
"product": {
"name": "cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
"product_id": "cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9-operator\u0026tag=4.1.0-11"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
"product": {
"name": "cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
"product_id": "cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-storage-rhel9\u0026tag=4.1.0-11"
}
}
},
{
"category": "product_version",
"name": "cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64",
"product": {
"name": "cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64",
"product_id": "cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/jfr-datasource-rhel9\u0026tag=4.1.0-11"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
"product": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
"product_id": "cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-agent-init-rhel9\u0026tag=0.6.0-11"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
"product": {
"name": "cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
"product_id": "cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-db-rhel9\u0026tag=4.1.0-11"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
"product": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
"product_id": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-grafana-dashboard-rhel9\u0026tag=4.1.0-11"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
"product": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
"product_id": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-openshift-console-plugin-rhel9\u0026tag=4.1.0-11"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
"product": {
"name": "cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
"product_id": "cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-reports-rhel9\u0026tag=4.1.0-11"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
"product": {
"name": "cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
"product_id": "cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9\u0026tag=4.1.0-11"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
"product": {
"name": "cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
"product_id": "cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-operator-bundle\u0026tag=4.1.0-11"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
"product": {
"name": "cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
"product_id": "cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9-operator\u0026tag=4.1.0-11"
}
}
},
{
"category": "product_version",
"name": "cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
"product": {
"name": "cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
"product_id": "cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-storage-rhel9\u0026tag=4.1.0-11"
}
}
},
{
"category": "product_version",
"name": "cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
"product": {
"name": "cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
"product_id": "cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/jfr-datasource-rhel9\u0026tag=4.1.0-11"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64"
},
"product_reference": "cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64"
},
"product_reference": "cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64"
},
"product_reference": "cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64"
},
"product_reference": "cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64"
},
"product_reference": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64"
},
"product_reference": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64"
},
"product_reference": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64"
},
"product_reference": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64"
},
"product_reference": "cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64"
},
"product_reference": "cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64"
},
"product_reference": "cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64"
},
"product_reference": "cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64"
},
"product_reference": "cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64"
},
"product_reference": "cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64"
},
"product_reference": "cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64"
},
"product_reference": "cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64"
},
"product_reference": "cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64"
},
"product_reference": "cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64"
},
"product_reference": "cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
"relates_to_product_reference": "9Base-Cryostat-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64 as a component of Cryostat 4 on RHEL 9",
"product_id": "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64"
},
"product_reference": "cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64",
"relates_to_product_reference": "9Base-Cryostat-4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47907",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2025-08-07T16:01:06.247481+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2387083"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "database/sql: Postgres Scan Race Condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as a Moderate severity issue rather than Important. The os/exec LookPath flaw requires a misconfigured PATH to be exploitable, and the database/sql race condition primarily impacts applications that cancel queries while running multiple queries concurrently. Both can cause unexpected behavior, but the exploitation scope is limited and unlikely to result in direct compromise in most typical deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47907"
},
{
"category": "external",
"summary": "RHBZ#2387083",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387083"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
},
{
"category": "external",
"summary": "https://go.dev/cl/693735",
"url": "https://go.dev/cl/693735"
},
{
"category": "external",
"summary": "https://go.dev/issue/74831",
"url": "https://go.dev/issue/74831"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3849",
"url": "https://pkg.go.dev/vuln/GO-2025-3849"
}
],
"release_date": "2025-08-07T15:25:30.704000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-25T02:09:04+00:00",
"details": "You can download the Cryostat 4 on RHEL 9 container images that this update provides from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available in the Red Hat Container Catalog (see the References section).\n\nDockerfiles and scripts should be amended to refer to this new image specifically or to the latest image generally.",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21148"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "database/sql: Postgres Scan Race Condition"
},
{
"cve": "CVE-2025-58056",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-09-03T21:01:22.935850+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392996"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in Netty\u2019s HTTP/1.1 chunked encoding parser allows newline (LF) characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same input differently, potentially enabling HTTP request smuggling attacks such as bypassing access controls or corrupting responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is considered Moderate rather than Important because successful exploitation depends on a very specific deployment condition: the presence of an intermediary reverse proxy that both mishandles lone LF characters in chunk extensions and forwards them unmodified to Netty. By itself, Netty\u2019s parsing quirk does not introduce risk, and in most real-world environments, reverse proxies normalize or reject malformed chunked requests, preventing smuggling. As a result, the vulnerability has limited reach, requires a niche configuration to be exploitable, and does not universally expose Netty-based servers to request smuggling\u2014hence it is rated moderate in severity rather than important or critical.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58056"
},
{
"category": "external",
"summary": "RHBZ#2392996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding",
"url": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding"
},
{
"category": "external",
"summary": "https://github.com/JLLeitschuh/unCVEed/issues/1",
"url": "https://github.com/JLLeitschuh/unCVEed/issues/1"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284",
"url": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/issues/15522",
"url": "https://github.com/netty/netty/issues/15522"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/pull/15611",
"url": "https://github.com/netty/netty/pull/15611"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49",
"url": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49"
},
{
"category": "external",
"summary": "https://w4ke.info/2025/06/18/funky-chunks.html",
"url": "https://w4ke.info/2025/06/18/funky-chunks.html"
}
],
"release_date": "2025-09-03T20:56:50.732000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-11-25T02:09:04+00:00",
"details": "You can download the Cryostat 4 on RHEL 9 container images that this update provides from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available in the Red Hat Container Catalog (see the References section).\n\nDockerfiles and scripts should be amended to refer to this new image specifically or to the latest image generally.",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:21148"
},
{
"category": "workaround",
"details": "To mitigate this issue, enforce strict RFC compliance on all front-end proxies and load balancers so that lone LF characters in chunk extensions are rejected or normalized before being forwarded. Additionally, configure input validation at the application or proxy layer to block malformed chunked requests, ensuring consistent parsing across all components in the request path.",
"product_ids": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
"9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
"9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
"9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
"9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
"9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
"9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
"9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
"9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
"9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions"
}
]
}
RHSA-2025:23417
Vulnerability from csaf_redhat - Published: 2025-12-16 23:13 - Updated: 2026-05-10 14:28
A flaw was found in Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM), which did not fully adhere to the requirements of RFC 5802. Specifically, as per RFC 5802, the server must verify that the nonce sent by the client in the second message matches the nonce sent by the server in its first message. However, Kafka's SCRAM implementation did not perform this validation. In environments where SCRAM is operated over plaintext communication channels, an attacker with access to the exchange can intercept and potentially reuse authentication messages, leveraging the weak nonce validation to gain unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.1.0 — Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.1::el9 | — | Vendor Fix, fix, Workaround |
A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.1.0 — Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.1::el9 | — | Vendor Fix, fix, Workaround |
A file access control flaw has been discovered in the Eclipse Foundation's Vert.x library. A StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.1.0 — Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.1::el9 | — | Vendor Fix, fix, Workaround |
In Eclipse Vert.x, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path can craft filenames containing malicious script or HTML content, leading to stored cross-site scripting (XSS) that executes in the context of users viewing the affected directory listing.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.1.0 — Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.1::el9 | — | Vendor Fix, fix, Workaround |
A flaw was found in apache-kafka. The Kafka client improperly handles configuration data for SASL/OAUTHBEARER connections, allowing an attacker to specify a crafted token endpoint URL. This allows for arbitrary file reads and server-side request forgery (SSRF) by a malicious client. Consequently, this can allow an attacker to read arbitrary files on the Kafka broker or initiate requests to internal or external resources.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.1.0 — Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.1::el9 | — | Vendor Fix, fix, Workaround |
A flaw was found in apache-kafka. This issue occurs due to improper handling of configuration data when using a Kafka client SASL JAAS, allowing an attacker with access to alterConfig for a cluster resource or Kafka Connect worker to inject arbitrary configuration. This injection can lead to the creation or modification of connectors with malicious configurations. Consequently, this can allow an attacker to compromise the integrity and availability of the Kafka cluster or Kafka Connect worker.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.1.0 — Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.1::el9 | — | Vendor Fix, fix, Workaround |
A flaw was found in org.apache.kafka. The JndiLoginModule within the SASL authentication mechanism allows remote code execution and denial of service when misconfigured. This flaw allows an attacker to provide a malicious JNDI URI within the Kafka broker's configuration, permitting arbitrary code execution on the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.1.0 — Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.1::el9 | — | Vendor Fix, fix, Workaround |
An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass(...) method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an application.
CWE-674 - Uncontrolled Recursion
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.1.0 — Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.1::el9 | — | Vendor Fix, fix, Workaround |
A data leak vulnerability has been discovered in the io.quarkus:quarkus-vertx package. This flaw can lead to information disclosure if a Vert.x context that has already been duplicated is subsequently duplicated again. In such a scenario, sensitive data residing within that context may be unintentionally exposed.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.1.0 — Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.1::el9 | — | Vendor Fix, fix, Workaround |
A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.1.0 — Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.1::el9 | — | Vendor Fix, fix, Workaround |
A flaw in Netty’s HTTP/1.1 chunked encoding parser allows newline (LF) characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same input differently, potentially enabling HTTP request smuggling attacks such as bypassing access controls or corrupting responses.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.1.0 — Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.1::el9 | — | Vendor Fix, fix, Workaround |
A flaw was found in Netty. With specially crafted input, BrotliDecoder and some other decompressing decoders will allocate a large number of reachable byte buffers, which can lead to denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.1.0 — Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.1::el9 | — | Vendor Fix, fix, Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Streams for Apache Kafka 3.1.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed\nbackbone that allows microservices and other applications to share data with\nextremely high throughput and extremely low latency.\n\nThis release of Red Hat Streams for Apache Kafka 3.1.0 serves as a replacement for Red Hat Streams for Apache Kafka 3.0.1, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n* Apache Kafka, Drain Cleaner, Bridge, Cruise Control, Proxy, Console: Netty\u0027s BrotliDecoder is vulnerable to DoS via zip bomb style attack\"(CVE-2025-58057)\"\n* Apache Kafka, Proxy: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions\"(CVE-2025-58056)\"\n* Apache Kafka, Bridge, Drain Cleaner, Cruise Control, Console: Netty MadeYouReset HTTP/2 DDoS Vulnerability (\"CVE-2025-55163\")\n* Apache Kafka: org.apache.commons:commons-lang3 : Uncontrolled Recursion(\"CVE-2025-48924\")\n* Drain Cleaner: io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout(\"CVE-2025-1634\")\n* Drain Cleaner, Console: Data leak vulnerability in io.quarkus:quarkus-vertx package (\"CVE-2025-49574\")\n* Cruise Control: org.apache.kafka/kafka_2.13: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption (\" CVE-2024-56128\")\n* Cruise Control: org.apache.kafka: Kafka Client Arbitrary File Read SSRF(\"CVE-2025-27817\")\n* Cruise Control: Kafka Clients Vulnerability(\"CVE-2025-27819\")\n* Cruise Control: Kafka Clients Vulnerability(\"CVE-2025-27818\")\n* Cruise Control, Console: io.vertx/vertx-core: Eclipse Vert.x Access Control Flaw (\"CVE-2025-11965\")\n* Cruise Control, Console: Vertx - Cross-site scripting (XSS) vulnerability (\"CVE-2025-11966\")",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23417",
"url": "https://access.redhat.com/errata/RHSA-2025:23417"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2333013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333013"
},
{
"category": "external",
"summary": "2347319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347319"
},
{
"category": "external",
"summary": "2371365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371365"
},
{
"category": "external",
"summary": "2371367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371367"
},
{
"category": "external",
"summary": "2371368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371368"
},
{
"category": "external",
"summary": "2374376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374376"
},
{
"category": "external",
"summary": "2379554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379554"
},
{
"category": "external",
"summary": "2388252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388252"
},
{
"category": "external",
"summary": "2392996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
},
{
"category": "external",
"summary": "2393000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393000"
},
{
"category": "external",
"summary": "2405789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405789"
},
{
"category": "external",
"summary": "2405820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405820"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23417.json"
}
],
"title": "Red Hat Security Advisory: Streams for Apache Kafka 3.1.0 release and security update",
"tracking": {
"current_release_date": "2026-05-10T14:28:14+00:00",
"generator": {
"date": "2026-05-10T14:28:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.9"
}
},
"id": "RHSA-2025:23417",
"initial_release_date": "2025-12-16T23:13:43+00:00",
"revision_history": [
{
"date": "2025-12-16T23:13:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-16T23:13:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-10T14:28:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Streams for Apache Kafka 3.1.0",
"product": {
"name": "Streams for Apache Kafka 3.1.0",
"product_id": "Streams for Apache Kafka 3.1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_streams:3.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-56128",
"cwe": {
"id": "CWE-303",
"name": "Incorrect Implementation of Authentication Algorithm"
},
"discovery_date": "2024-12-18T14:00:43.732728+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333013"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Kafka\u0027s implementation of the Salted Challenge Response Authentication Mechanism (SCRAM), which did not fully adhere to the requirements of RFC 5802. Specifically, as per RFC 5802, the server must verify that the nonce sent by the client in the second message matches the nonce sent by the server in its first message. However, Kafka\u0027s SCRAM implementation did not perform this validation. In environments where SCRAM is operated over plaintext communication channels, an attacker with access to the exchange can intercept and potentially reuse authentication messages, leveraging the weak nonce validation to gain unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kafka: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is marked with an Important severity because it compromises a fundamental security requirement of the SCRAM protocol as specified in RFC 5802 \u2014the validation of nonces for ensuring message integrity and preventing replay attacks. Without proper nonce validation, an attacker with plaintext access to the SCRAM authentication exchange could manipulate or replay parts of the authentication process, potentially gaining unauthorized access or disrupting the integrity of authentication. While the use of plaintext communication for SCRAM is discouraged, many legacy systems or misconfigured deployments may still rely on it, making them directly susceptible.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.1.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-56128"
},
{
"category": "external",
"summary": "RHBZ#2333013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333013"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-56128",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56128"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56128",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56128"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc5802",
"url": "https://datatracker.ietf.org/doc/html/rfc5802"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc5802#section-9",
"url": "https://datatracker.ietf.org/doc/html/rfc5802#section-9"
},
{
"category": "external",
"summary": "https://kafka.apache.org/documentation/#security_sasl_scram_security",
"url": "https://kafka.apache.org/documentation/#security_sasl_scram_security"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/84dh4so32lwn7wr6c5s9mwh381vx9wkw",
"url": "https://lists.apache.org/thread/84dh4so32lwn7wr6c5s9mwh381vx9wkw"
}
],
"release_date": "2024-12-18T13:38:03.068000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-16T23:13:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23417"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kafka: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption"
},
{
"cve": "CVE-2025-1634",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2025-02-24T14:17:31.237000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2347319"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is marked as and Important severity rather than Moderate because it allows an unauthenticated attacker to trigger a denial of service condition by repeatedly sending crafted HTTP requests with low timeouts. The issue leads to a memory leak that cannot be recovered without restarting the application, ultimately resulting in an OutOfMemoryError and complete service failure.\n\nIn a production environment, this vulnerability poses a significant risk to availability, especially for applications handling multiple concurrent requests. Since no mitigation exists, all applications using quarkus-resteasy are affected until patched. The ease of exploitation, lack of required privileges, and high impact on service uptime justify the high severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.1.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-1634"
},
{
"category": "external",
"summary": "RHBZ#2347319",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347319"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-1634",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1634"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-1634",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1634"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/issues/46412",
"url": "https://github.com/quarkusio/quarkus/issues/46412"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/pull/46419",
"url": "https://github.com/quarkusio/quarkus/pull/46419"
}
],
"release_date": "2025-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-16T23:13:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23417"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout"
},
{
"cve": "CVE-2025-11965",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"discovery_date": "2025-10-22T15:04:14.114397+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405820"
}
],
"notes": [
{
"category": "description",
"text": "A file access control flaw has been discovered in the Eclipse Foundation\u0027s Vert.x library. A StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users to retrieve files within them.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.vertx/vertx-core: Eclipse Vert.x Access Control Flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.1.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11965"
},
{
"category": "external",
"summary": "RHBZ#2405820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11965"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/304",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/304"
}
],
"release_date": "2025-10-22T14:50:07.602000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-16T23:13:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23417"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.vertx/vertx-core: Eclipse Vert.x Access Control Flaw"
},
{
"cve": "CVE-2025-11966",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-10-22T15:01:24.122189+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405789"
}
],
"notes": [
{
"category": "description",
"text": "In Eclipse Vert.x, when \"directory listing\" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path can craft filenames containing malicious script or HTML content, leading to stored cross-site scripting (XSS) that executes in the context of users viewing the affected directory listing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.vertx/vertx-web: Eclipse Vert.x cross site scripting",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.1.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11966"
},
{
"category": "external",
"summary": "RHBZ#2405789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405789"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11966",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11966"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11966",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11966"
},
{
"category": "external",
"summary": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/303",
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/303"
}
],
"release_date": "2025-10-22T14:44:24.145000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-16T23:13:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23417"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.vertx/vertx-web: Eclipse Vert.x cross site scripting"
},
{
"cve": "CVE-2025-27817",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2025-06-10T08:00:46.717358+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2371367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in apache-kafka. The Kafka client improperly handles configuration data for SASL/OAUTHBEARER connections, allowing an attacker to specify a crafted token endpoint URL. This allows for arbitrary file reads and server-side request forgery (SSRF) by a malicious client. Consequently, this can allow an attacker to read arbitrary files on the Kafka broker or initiate requests to internal or external resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.kafka: Kafka Client Arbitrary File Read SSRF",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.1.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-27817"
},
{
"category": "external",
"summary": "RHBZ#2371367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-27817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27817"
},
{
"category": "external",
"summary": "https://kafka.apache.org/cve-list",
"url": "https://kafka.apache.org/cve-list"
}
],
"release_date": "2025-06-10T07:55:14.422000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-16T23:13:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23417"
},
{
"category": "workaround",
"details": "To mitigate this flaw, explicitly set the allowed urls in SASL JAAS configuration using the system property \"-Dorg.apache.kafka.sasl.oauthbearer.allowed.urls\".",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.apache.kafka: Kafka Client Arbitrary File Read SSRF"
},
{
"cve": "CVE-2025-27818",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2025-06-10T08:00:49.484918+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2371368"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in apache-kafka. This issue occurs due to improper handling of configuration data when using a Kafka client SASL JAAS, allowing an attacker with access to alterConfig for a cluster resource or Kafka Connect worker to inject arbitrary configuration. This injection can lead to the creation or modification of connectors with malicious configurations. Consequently, this can allow an attacker to compromise the integrity and availability of the Kafka cluster or Kafka Connect worker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-kafka: Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No Red Hat products are affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.1.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-27818"
},
{
"category": "external",
"summary": "RHBZ#2371368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371368"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-27818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27818"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27818",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27818"
},
{
"category": "external",
"summary": "https://kafka.apache.org/cve-list",
"url": "https://kafka.apache.org/cve-list"
}
],
"release_date": "2025-06-10T07:52:31.778000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-16T23:13:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23417"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread \ninstallation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "apache-kafka: Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration"
},
{
"cve": "CVE-2025-27819",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2025-06-10T08:00:41.723005+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2371365"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in org.apache.kafka. The JndiLoginModule within the SASL authentication mechanism allows remote code execution and denial of service when misconfigured. This flaw allows an attacker to provide a malicious JNDI URI within the Kafka broker\u0027s configuration, permitting arbitrary code execution on the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.kafka: Kafka JNDI Login Module RCE Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No Red Hat products or offerings are affected by this vulnerability.\n\nThis vulnerability is categorized as Important rather than Moderate due to its potential to enable remote code execution (RCE) or denial of service (DoS) in a core component of Apache Kafka\u2014its brokers\u2014under certain but realistic conditions. While exploitation requires AlterConfigs permission and network access to the Kafka cluster, these privileges are commonly granted to administrative or automation accounts in real-world deployments. The core issue arises from unsafe JAAS configuration allowing the use of JndiLoginModule, which can trigger JNDI lookups and result in arbitrary code execution if a malicious LDAP or RMI server is referenced. Given Kafka\u0027s central role in data pipelines and real-time processing systems, a successful exploit could lead to a full cluster compromise, service disruption, or even lateral movement within a network.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.1.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-27819"
},
{
"category": "external",
"summary": "RHBZ#2371365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371365"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-27819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27819"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27819",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27819"
},
{
"category": "external",
"summary": "https://kafka.apache.org/cve-list",
"url": "https://kafka.apache.org/cve-list"
}
],
"release_date": "2025-06-10T07:54:41.896000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-16T23:13:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23417"
},
{
"category": "workaround",
"details": "To mitigate this flaw, disable the problematic login module\u0027s usage in the SASL JAAS configuration using the system property, \"-Dorg.apache.kafka.disallowed.login.modules\".",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.apache.kafka: Kafka JNDI Login Module RCE Vulnerability"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-07-11T15:01:08.754489+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379554"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled recursion flaw was found in the Apache Commons Lang library. The ClassUtils.getClass(...) method can throw a StackOverflowError on very long inputs. Since this error is typically not handled by applications and libraries, a StackOverflowError may lead to the termination of an application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.1.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48924"
},
{
"category": "external",
"summary": "RHBZ#2379554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1",
"url": "https://lists.apache.org/thread/bgv0lpswokgol11tloxnjfzdl7yrc1g1"
}
],
"release_date": "2025-07-11T14:56:58.049000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-16T23:13:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23417"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria of ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "commons-lang/commons-lang: org.apache.commons/commons-lang3: Uncontrolled Recursion vulnerability in Apache Commons Lang"
},
{
"cve": "CVE-2025-49574",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"discovery_date": "2025-06-23T20:00:57.216622+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374376"
}
],
"notes": [
{
"category": "description",
"text": "A data leak vulnerability has been discovered in the io.quarkus:quarkus-vertx package. This flaw can lead to information disclosure if a Vert.x context that has already been duplicated is subsequently duplicated again. In such a scenario, sensitive data residing within that context may be unintentionally exposed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.quarkus/quarkus-vertx: Quarkus potential data leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.1.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49574"
},
{
"category": "external",
"summary": "RHBZ#2374376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49574"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49574",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49574"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/commit/2b58f59f4bf0bae7d35b1abb585b65f2a66787d1",
"url": "https://github.com/quarkusio/quarkus/commit/2b58f59f4bf0bae7d35b1abb585b65f2a66787d1"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/issues/48227",
"url": "https://github.com/quarkusio/quarkus/issues/48227"
},
{
"category": "external",
"summary": "https://github.com/quarkusio/quarkus/security/advisories/GHSA-9623-mj7j-p9v4",
"url": "https://github.com/quarkusio/quarkus/security/advisories/GHSA-9623-mj7j-p9v4"
}
],
"release_date": "2025-06-23T19:47:05.454000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-16T23:13:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23417"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria of ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.quarkus/quarkus-vertx: Quarkus potential data leak"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-08-13T15:01:55.372237+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388252"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a denial of service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation, which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.1.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55163"
},
{
"category": "external",
"summary": "RHBZ#2388252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4",
"url": "https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-08-13T14:17:36.111000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-16T23:13:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23417"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability"
},
{
"cve": "CVE-2025-58056",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-09-03T21:01:22.935850+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392996"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in Netty\u2019s HTTP/1.1 chunked encoding parser allows newline (LF) characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same input differently, potentially enabling HTTP request smuggling attacks such as bypassing access controls or corrupting responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is considered Moderate rather than Important because successful exploitation depends on a very specific deployment condition: the presence of an intermediary reverse proxy that both mishandles lone LF characters in chunk extensions and forwards them unmodified to Netty. By itself, Netty\u2019s parsing quirk does not introduce risk, and in most real-world environments, reverse proxies normalize or reject malformed chunked requests, preventing smuggling. As a result, the vulnerability has limited reach, requires a niche configuration to be exploitable, and does not universally expose Netty-based servers to request smuggling\u2014hence it is rated Moderate in severity rather than Important or Critical.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.1.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58056"
},
{
"category": "external",
"summary": "RHBZ#2392996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding",
"url": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding"
},
{
"category": "external",
"summary": "https://github.com/JLLeitschuh/unCVEed/issues/1",
"url": "https://github.com/JLLeitschuh/unCVEed/issues/1"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284",
"url": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/issues/15522",
"url": "https://github.com/netty/netty/issues/15522"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/pull/15611",
"url": "https://github.com/netty/netty/pull/15611"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49",
"url": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49"
},
{
"category": "external",
"summary": "https://w4ke.info/2025/06/18/funky-chunks.html",
"url": "https://w4ke.info/2025/06/18/funky-chunks.html"
}
],
"release_date": "2025-09-03T20:56:50.732000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-16T23:13:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23417"
},
{
"category": "workaround",
"details": "To mitigate this issue, enforce strict RFC compliance on all front-end proxies and load balancers so that lone LF characters in chunk extensions are rejected or normalized before being forwarded. Additionally, configure input validation at the application or proxy layer to block malformed chunked requests, ensuring consistent parsing across all components in the request path.",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions"
},
{
"cve": "CVE-2025-58057",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-09-03T22:00:48.401986+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2393000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. With specially crafted input, BrotliDecoder and some other decompressing decoders will allocate a large number of reachable byte buffers, which can lead to denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec: netty-codec-compression: Netty\u0027s BrotliDecoder is vulnerable to DoS via zip bomb style attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A flaw in Netty\u0027s BrotliDecoder and other decompression decoders can lead to a denial of service when processing specially crafted input. This affects various Red Hat products that utilize Netty for network communication and data decompression. Using BrotliDecoder on untrusted input is entirely",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.1.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58057"
},
{
"category": "external",
"summary": "RHBZ#2393000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58057",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58057"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d",
"url": "https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-3p8m-j85q-pgmj",
"url": "https://github.com/netty/netty/security/advisories/GHSA-3p8m-j85q-pgmj"
}
],
"release_date": "2025-09-03T21:46:49.928000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-16T23:13:43+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23417"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria of ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.1.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec: netty-codec-compression: Netty\u0027s BrotliDecoder is vulnerable to DoS via zip bomb style attack"
}
]
}
RHSA-2026:3102
Vulnerability from csaf_redhat - Published: 2026-02-23 16:31 - Updated: 2026-03-24 13:18

A flaw in Netty’s HTTP/1.1 chunked encoding parser allows newline (LF) characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same input differently, potentially enabling HTTP request smuggling attacks such as bypassing access controls or corrupting responses.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| AMQ Clients 2026.Q1 (Red Hat / Red Hat AMQ Clients) | cpe:/a:redhat:amq_clients:2026 | — | Vendor Fix (fix); Workaround |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat AMQ Clients\n\nRed Hat Product Security has rated this update as having an impact of\nModerate.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed\nseverity rating, is available for each vulnerability from the CVE link(s) in the\nReferences section.",
"title": "Topic"
},
{
"category": "general",
"text": "Each Red Hat AMQ Client enables sending and receiving messages to or from AMQ Broker 7.\n\nThis update provides various bug fixes and enhancements in addition to the\nclient package versions previously released on Red Hat Enterprise Linux 8\nand 9.\n\nSecurity Fix(es):\n\n* (CVE-2025-58056) netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3102",
"url": "https://access.redhat.com/errata/RHSA-2026:3102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_amq_clients",
"url": "https://docs.redhat.com/en/documentation/red_hat_amq_clients"
},
{
"category": "external",
"summary": "2392996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3102.json"
}
],
"title": "Red Hat Security Advisory: AMQ Clients 2026.Q1",
"tracking": {
"current_release_date": "2026-03-24T13:18:54+00:00",
"generator": {
"date": "2026-03-24T13:18:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:3102",
"initial_release_date": "2026-02-23T16:31:20+00:00",
"revision_history": [
{
"date": "2026-02-23T16:31:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-23T16:31:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-24T13:18:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "AMQ Clients 2026.Q1",
"product": {
"name": "AMQ Clients 2026.Q1",
"product_id": "AMQ Clients 2026.Q1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_clients:2026"
}
}
}
],
"category": "product_family",
"name": "Red Hat AMQ Clients"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58056",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-09-03T21:01:22.935850+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392996"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in Netty\u2019s HTTP/1.1 chunked encoding parser allows newline (LF) characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same input differently, potentially enabling HTTP request smuggling attacks such as bypassing access controls or corrupting responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is considered Moderate rather than Important because successful exploitation depends on a very specific deployment condition: the presence of an intermediary reverse proxy that both mishandles lone LF characters in chunk extensions and forwards them unmodified to Netty. By itself, Netty\u2019s parsing quirk does not introduce risk, and in most real-world environments, reverse proxies normalize or reject malformed chunked requests, preventing smuggling. As a result, the vulnerability has limited reach, requires a niche configuration to be exploitable, and does not universally expose Netty-based servers to request smuggling\u2014hence it is rated Moderate in severity rather than Important or Critical.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AMQ Clients 2026.Q1"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58056"
},
{
"category": "external",
"summary": "RHBZ#2392996",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding",
"url": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding"
},
{
"category": "external",
"summary": "https://github.com/JLLeitschuh/unCVEed/issues/1",
"url": "https://github.com/JLLeitschuh/unCVEed/issues/1"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284",
"url": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/issues/15522",
"url": "https://github.com/netty/netty/issues/15522"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/pull/15611",
"url": "https://github.com/netty/netty/pull/15611"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49",
"url": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49"
},
{
"category": "external",
"summary": "https://w4ke.info/2025/06/18/funky-chunks.html",
"url": "https://w4ke.info/2025/06/18/funky-chunks.html"
}
],
"release_date": "2025-09-03T20:56:50.732000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T16:31:20+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AMQ Clients 2026.Q1"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3102"
},
{
"category": "workaround",
"details": "To mitigate this issue, enforce strict RFC compliance on all front-end proxies and load balancers so that lone LF characters in chunk extensions are rejected or normalized before being forwarded. Additionally, configure input validation at the application or proxy layer to block malformed chunked requests, ensuring consistent parsing across all components in the request path.",
"product_ids": [
"AMQ Clients 2026.Q1"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"AMQ Clients 2026.Q1"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions"
}
]
}
SUSE-SU-2025:03114-1
Vulnerability from csaf_suse - Published: 2025-09-09 10:35 - Updated: 2025-09-09 10:35

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-javadoc-4.1.126-150200.4.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.126-150200.4.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-javadoc-4.1.126-150200.4.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-tcnative-javadoc-2.0.73-150200.3.30.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-javadoc-4.1.126-150200.4.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.126-150200.4.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-javadoc-4.1.126-150200.4.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-tcnative-javadoc-2.0.73-150200.3.30.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-javadoc-4.1.126-150200.4.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.126-150200.4.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-javadoc-4.1.126-150200.4.34.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:netty-tcnative-javadoc-2.0.73-150200.3.30.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for netty, netty-tcnative",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for netty, netty-tcnative fixes the following issues:\n\nUpgrade to upstream version 4.1.126.\n \nSecurity issues fixed:\n \n- CVE-2025-58057: decompression codecs allocating a large number of buffers after processing specially crafted input can\n cause a denial of service (bsc#1249134).\n- CVE-2025-58056: incorrect parsing of chunk extensions can lead to request smuggling (bsc#1249116).\n- CVE-2025-55163: \u0027MadeYouReset\u0027 denial of service attack in the HTTP/2 protocol (bsc#1247991).\n \nOther issues fixed:\n\n- Fixes from version 4.1.126\n * Fix IllegalReferenceCountException on invalid upgrade response.\n * Drop unknown frame on missing stream.\n * Don\u0027t try to handle incomplete upgrade request.\n * Update to netty-tcnative 2.0.73Final.\n \n- Fixes from version 4.1.124\n * Fix NPE and AssertionErrors when many tasks are scheduled and cancelled.\n * HTTP2: Http2ConnectionHandler should always use Http2ConnectionEncoder.\n * Epoll: Correctly handle UDP packets with source port of 0.\n * Fix netty-common OSGi Import-Package header.\n * MqttConnectPayload.toString() includes password.\n\n- Fixes from version 4.1.123\n * Fix chunk reuse bug in adaptive allocator.\n * More accurate adaptive memory usage accounting.\n * Introduce size-classes for the adaptive allocator.\n * Reduce magazine proliferation eagerness.\n * Fix concurrent ByteBuffer access issue in AdaptiveByteBuf.getBytes.\n * Fix possible buffer corruption caused by incorrect setCharSequence(...) 
implementation.\n * AdaptiveByteBuf: Fix AdaptiveByteBuf.maxFastWritableBytes() to take writerIndex() into account.\n * Optimize capacity bumping for adaptive ByteBufs.\n * AbstractDnsRecord: equals() and hashCode() to ignore name field\u0027s case.\n * Backport Unsafe guards.\n * Guard recomputed offset access with hasUnsafe.\n * HTTP2: Always produce a RST frame on stream exception.\n * Correct what artifacts included in netty-bom.\n\n- Fixes from version 4.1.122\n * DirContextUtils.addNameServer(...) should just catch Exception internally.\n * Make public API specify explicit maxAllocation to prevent OOM.\n * Fix concurrent ByteBuf write access bug in adaptive allocator.\n * Fix transport-native-kqueue Bundle-SymbolicNames.\n * Fix resolver-dns-native-macos Bundle-SymbolicNames.\n * Always correctly calculate the memory address of the ByteBuf even if sun.misc.Unsafe is not usable.\n * Upgrade lz4 dependencies as the old version did not correctly handle ByteBuffer that have an arrayOffset \u003e 0.\n * Optimize ByteBuf.setCharSequence for adaptive allocator.\n * Kqueue: Fix registration failure when fd is reused.\n * Make JdkZlibEncoder accept Deflater.DEFAULT_COMPRESSION as level.\n * Ensure OpenSsl.availableJavaCipherSuites does not contain null values.\n * Always prefer direct buffers for pooled allocators if not explicit disabled.\n * Update to netty-tcnative 2.0.72.Final.\n * Re-enable sun.misc.Unsafe by default on Java 24+.\n * Kqueue: Delay removal from registration map to fix noisy warnings.\n\n- Fixes from version 4.1.121\n * Epoll.isAvailable() returns false on Ubuntu 20.04/22.04 arch amd64.\n * Fix transport-native-epoll Bundle-SymbolicNames.\n\n- Fixes from version 4.1.120\n * Fix flawed termination condition check in HttpPostRequestEncoder#encodeNextChunkUrlEncoded(int) for current\n InterfaceHttpData.\n * Exposed decoderEnforceMaxConsecutiveEmptyDataFrames and decoderEnforceMaxRstFramesPerWindow.\n * ThreadExecutorMap must restore old 
EventExecutor.\n * Make Recycler virtual thread friendly.\n * Disable sun.misc.Unsafe by default on Java 24+.\n * Adaptive: Correctly enforce leak detection when using AdaptiveByteBufAllocator.\n * Add suppressed exception to original cause when calling Future.sync*.\n * Add SETTINGS_ENABLE_CONNECT_PROTOCOL to the default HTTP/2 settings.\n * Correct computation for suboptimal chunk retirement probability.\n * Fix bug in method AdaptivePoolingAllocator.allocateWithoutLock(...).\n * Fix a Bytebuf leak in TcpDnsQueryDecoder.\n * SSL: Clear native error if named group is not supported.\n * WebSocketClientCompressionHandler shouldn\u0027t claim window bits support when jzlib is not available.\n * Fix the assignment error of maxQoS parameter in ConnAck Properties.\n\n- Fixes from version 4.1.119\n * Replace SSL assertion with explicit record length check.\n * Fix NPE when upgrade message fails to aggregate.\n * SslHandler: Fix possible NPE when executor is used for delegating.\n * Consistently add channel info in HTTP/2 logs.\n * Add QueryStringDecoder option to leave \u0027+\u0027 alone.\n * Use initialized BouncyCastle providers when available.\n\n- Fix pom.xml errors that will be fatal with Maven 4\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3114,SUSE-SLE-Module-Development-Tools-15-SP6-2025-3114,SUSE-SLE-Module-Development-Tools-15-SP7-2025-3114,SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3114,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3114,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-3114,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3114,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3114,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3114,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3114,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-3114,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3114,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3114,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-3114,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3114,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3114,SUSE-Storage-7.1-2025-3114,openSUSE-SLE-15.6-2025-3114",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03114-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:03114-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503114-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:03114-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041552.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247991",
"url": "https://bugzilla.suse.com/1247991"
},
{
"category": "self",
"summary": "SUSE Bug 1249116",
"url": "https://bugzilla.suse.com/1249116"
},
{
"category": "self",
"summary": "SUSE Bug 1249134",
"url": "https://bugzilla.suse.com/1249134"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55163 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58056 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58057 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58057/"
}
],
"title": "Security update for netty, netty-tcnative",
"tracking": {
"current_release_date": "2025-09-09T10:35:14Z",
"generator": {
"date": "2025-09-09T10:35:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:03114-1",
"initial_release_date": "2025-09-09T10:35:14Z",
"revision_history": [
{
"date": "2025-09-09T10:35:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.126-150200.4.34.1.aarch64",
"product": {
"name": "netty-4.1.126-150200.4.34.1.aarch64",
"product_id": "netty-4.1.126-150200.4.34.1.aarch64"
}
},
{
"category": "product_version",
"name": "netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"product": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"product_id": "netty-tcnative-2.0.73-150200.3.30.1.aarch64"
}
},
{
"category": "product_version",
"name": "netty-tcnative-openssl-dynamic-2.0.73-150200.3.30.1.aarch64",
"product": {
"name": "netty-tcnative-openssl-dynamic-2.0.73-150200.3.30.1.aarch64",
"product_id": "netty-tcnative-openssl-dynamic-2.0.73-150200.3.30.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.126-150200.4.34.1.i586",
"product": {
"name": "netty-4.1.126-150200.4.34.1.i586",
"product_id": "netty-4.1.126-150200.4.34.1.i586"
}
},
{
"category": "product_version",
"name": "netty-tcnative-2.0.73-150200.3.30.1.i586",
"product": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.i586",
"product_id": "netty-tcnative-2.0.73-150200.3.30.1.i586"
}
},
{
"category": "product_version",
"name": "netty-tcnative-openssl-dynamic-2.0.73-150200.3.30.1.i586",
"product": {
"name": "netty-tcnative-openssl-dynamic-2.0.73-150200.3.30.1.i586",
"product_id": "netty-tcnative-openssl-dynamic-2.0.73-150200.3.30.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-bom-4.1.126-150200.4.34.1.noarch",
"product": {
"name": "netty-bom-4.1.126-150200.4.34.1.noarch",
"product_id": "netty-bom-4.1.126-150200.4.34.1.noarch"
}
},
{
"category": "product_version",
"name": "netty-javadoc-4.1.126-150200.4.34.1.noarch",
"product": {
"name": "netty-javadoc-4.1.126-150200.4.34.1.noarch",
"product_id": "netty-javadoc-4.1.126-150200.4.34.1.noarch"
}
},
{
"category": "product_version",
"name": "netty-parent-4.1.126-150200.4.34.1.noarch",
"product": {
"name": "netty-parent-4.1.126-150200.4.34.1.noarch",
"product_id": "netty-parent-4.1.126-150200.4.34.1.noarch"
}
},
{
"category": "product_version",
"name": "netty-tcnative-javadoc-2.0.73-150200.3.30.1.noarch",
"product": {
"name": "netty-tcnative-javadoc-2.0.73-150200.3.30.1.noarch",
"product_id": "netty-tcnative-javadoc-2.0.73-150200.3.30.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.126-150200.4.34.1.ppc64le",
"product": {
"name": "netty-4.1.126-150200.4.34.1.ppc64le",
"product_id": "netty-4.1.126-150200.4.34.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"product": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"product_id": "netty-tcnative-2.0.73-150200.3.30.1.ppc64le"
}
},
{
"category": "product_version",
"name": "netty-tcnative-openssl-dynamic-2.0.73-150200.3.30.1.ppc64le",
"product": {
"name": "netty-tcnative-openssl-dynamic-2.0.73-150200.3.30.1.ppc64le",
"product_id": "netty-tcnative-openssl-dynamic-2.0.73-150200.3.30.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.126-150200.4.34.1.s390x",
"product": {
"name": "netty-4.1.126-150200.4.34.1.s390x",
"product_id": "netty-4.1.126-150200.4.34.1.s390x"
}
},
{
"category": "product_version",
"name": "netty-tcnative-2.0.73-150200.3.30.1.s390x",
"product": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.s390x",
"product_id": "netty-tcnative-2.0.73-150200.3.30.1.s390x"
}
},
{
"category": "product_version",
"name": "netty-tcnative-openssl-dynamic-2.0.73-150200.3.30.1.s390x",
"product": {
"name": "netty-tcnative-openssl-dynamic-2.0.73-150200.3.30.1.s390x",
"product_id": "netty-tcnative-openssl-dynamic-2.0.73-150200.3.30.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "netty-4.1.126-150200.4.34.1.x86_64",
"product": {
"name": "netty-4.1.126-150200.4.34.1.x86_64",
"product_id": "netty-4.1.126-150200.4.34.1.x86_64"
}
},
{
"category": "product_version",
"name": "netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"product": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"product_id": "netty-tcnative-2.0.73-150200.3.30.1.x86_64"
}
},
{
"category": "product_version",
"name": "netty-tcnative-openssl-dynamic-2.0.73-150200.3.30.1.x86_64",
"product": {
"name": "netty-tcnative-openssl-dynamic-2.0.73-150200.3.30.1.x86_64",
"product_id": "netty-tcnative-openssl-dynamic-2.0.73-150200.3.30.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.s390x"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.s390x"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.126-150200.4.34.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.aarch64"
},
"product_reference": "netty-4.1.126-150200.4.34.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.126-150200.4.34.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.ppc64le"
},
"product_reference": "netty-4.1.126-150200.4.34.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.126-150200.4.34.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.s390x"
},
"product_reference": "netty-4.1.126-150200.4.34.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.126-150200.4.34.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.x86_64"
},
"product_reference": "netty-4.1.126-150200.4.34.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.126-150200.4.34.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-javadoc-4.1.126-150200.4.34.1.noarch"
},
"product_reference": "netty-javadoc-4.1.126-150200.4.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.126-150200.4.34.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.aarch64"
},
"product_reference": "netty-4.1.126-150200.4.34.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.126-150200.4.34.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.ppc64le"
},
"product_reference": "netty-4.1.126-150200.4.34.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.126-150200.4.34.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.s390x"
},
"product_reference": "netty-4.1.126-150200.4.34.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.126-150200.4.34.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.x86_64"
},
"product_reference": "netty-4.1.126-150200.4.34.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.126-150200.4.34.1.noarch as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.126-150200.4.34.1.noarch"
},
"product_reference": "netty-javadoc-4.1.126-150200.4.34.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.126-150200.4.34.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.aarch64"
},
"product_reference": "netty-4.1.126-150200.4.34.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.126-150200.4.34.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.ppc64le"
},
"product_reference": "netty-4.1.126-150200.4.34.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.126-150200.4.34.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.s390x"
},
"product_reference": "netty-4.1.126-150200.4.34.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-4.1.126-150200.4.34.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.x86_64"
},
"product_reference": "netty-4.1.126-150200.4.34.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-javadoc-4.1.126-150200.4.34.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty-javadoc-4.1.126-150200.4.34.1.noarch"
},
"product_reference": "netty-javadoc-4.1.126-150200.4.34.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.aarch64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.s390x"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-2.0.73-150200.3.30.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.x86_64"
},
"product_reference": "netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "netty-tcnative-javadoc-2.0.73-150200.3.30.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:netty-tcnative-javadoc-2.0.73-150200.3.30.1.noarch"
},
"product_reference": "netty-tcnative-javadoc-2.0.73-150200.3.30.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55163"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.aarch64",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.ppc64le",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.s390x",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.x86_64",
"openSUSE Leap 15.6:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"openSUSE Leap 15.6:netty-tcnative-javadoc-2.0.73-150200.3.30.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55163",
"url": "https://www.suse.com/security/cve/CVE-2025-55163"
},
{
"category": "external",
"summary": "SUSE Bug 1243888 for CVE-2025-55163",
"url": "https://bugzilla.suse.com/1243888"
},
{
"category": "external",
"summary": "SUSE Bug 1244252 for CVE-2025-55163",
"url": "https://bugzilla.suse.com/1244252"
},
{
"category": "external",
"summary": "SUSE Bug 1247991 for CVE-2025-55163",
"url": "https://bugzilla.suse.com/1247991"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.aarch64",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.ppc64le",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.s390x",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.x86_64",
"openSUSE Leap 15.6:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"openSUSE Leap 15.6:netty-tcnative-javadoc-2.0.73-150200.3.30.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.aarch64",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.ppc64le",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.s390x",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.x86_64",
"openSUSE Leap 15.6:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"openSUSE Leap 15.6:netty-tcnative-javadoc-2.0.73-150200.3.30.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-09T10:35:14Z",
"details": "important"
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-58056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58056"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a chunk-size line terminator, regardless of a preceding carriage return (CR), instead of requiring CRLF per HTTP/1.1 standards. When combined with reverse proxies that parse LF differently (treating it as part of the chunk extension), attackers can craft requests that the proxy sees as one request but Netty processes as two, enabling request smuggling attacks. This is fixed in versions 4.1.125.Final and 4.2.5.Final.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.aarch64",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.ppc64le",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.s390x",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.x86_64",
"openSUSE Leap 15.6:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"openSUSE Leap 15.6:netty-tcnative-javadoc-2.0.73-150200.3.30.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58056",
"url": "https://www.suse.com/security/cve/CVE-2025-58056"
},
{
"category": "external",
"summary": "SUSE Bug 1249116 for CVE-2025-58056",
"url": "https://bugzilla.suse.com/1249116"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.aarch64",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.ppc64le",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.s390x",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.x86_64",
"openSUSE Leap 15.6:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"openSUSE Leap 15.6:netty-tcnative-javadoc-2.0.73-150200.3.30.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.aarch64",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.ppc64le",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.s390x",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.x86_64",
"openSUSE Leap 15.6:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"openSUSE Leap 15.6:netty-tcnative-javadoc-2.0.73-150200.3.30.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-09T10:35:14Z",
"details": "important"
}
],
"title": "CVE-2025-58056"
},
{
"cve": "CVE-2025-58057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58057"
}
],
"notes": [
{
"category": "general",
"text": "Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In netty-codec versions 4.1.124.Final and below, and netty-codec-compression versions 4.2.4.Final and below, when supplied with specially crafted input, BrotliDecoder and certain other decompression decoders will allocate a large number of reachable byte buffers, which can lead to denial of service. BrotliDecoder.decompress has no limit on how often it calls pull, decompressing data 64K bytes at a time. The buffers are saved in the output list and remain reachable until an OutOfMemoryError is hit. This is fixed in versions 4.1.125.Final of netty-codec and 4.2.5.Final of netty-codec-compression.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.aarch64",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.ppc64le",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.s390x",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.x86_64",
"openSUSE Leap 15.6:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"openSUSE Leap 15.6:netty-tcnative-javadoc-2.0.73-150200.3.30.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58057",
"url": "https://www.suse.com/security/cve/CVE-2025-58057"
},
{
"category": "external",
"summary": "SUSE Bug 1249134 for CVE-2025-58057",
"url": "https://bugzilla.suse.com/1249134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.aarch64",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.ppc64le",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.s390x",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.x86_64",
"openSUSE Leap 15.6:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"openSUSE Leap 15.6:netty-tcnative-javadoc-2.0.73-150200.3.30.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Enterprise Storage 7.1:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-4.1.126-150200.4.34.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP6:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-4.1.126-150200.4.34.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.aarch64",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.ppc64le",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.s390x",
"openSUSE Leap 15.6:netty-4.1.126-150200.4.34.1.x86_64",
"openSUSE Leap 15.6:netty-javadoc-4.1.126-150200.4.34.1.noarch",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.aarch64",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.ppc64le",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.s390x",
"openSUSE Leap 15.6:netty-tcnative-2.0.73-150200.3.30.1.x86_64",
"openSUSE Leap 15.6:netty-tcnative-javadoc-2.0.73-150200.3.30.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-09T10:35:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-58057"
}
]
}
WID-SEC-W-2025-2098
Vulnerability from csaf_certbund - Published: 2025-09-21 22:00 - Updated: 2025-10-05 22:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM SPSS Analytic Server = 3.6
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server__3.6
|
Analytic Server = 3.6 | |
|
IBM SPSS Analytic Server = 3.5
IBM / SPSS
|
cpe:/a:ibm:spss:analytic_server__3.5
|
Analytic Server = 3.5 | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM SPSS ist ein umfassendes Set von Daten- und prognostischen Analyse-Tools f\u00fcr Gesch\u00e4ftsbenutzer, Analysten und Statistik-Programmierer.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM SPSS ausnutzen, um einen Denial-of-Service-Angriff durchzuf\u00fchren und um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2098 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2098.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2098 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2098"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-09-21",
"url": "https://www.ibm.com/support/pages/node/7245648"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:17317 vom 2025-10-02",
"url": "https://access.redhat.com/errata/RHSA-2025:17317"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:17318 vom 2025-10-02",
"url": "https://access.redhat.com/errata/RHSA-2025:17318"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:17299 vom 2025-10-02",
"url": "https://access.redhat.com/errata/RHSA-2025:17299"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:17187 vom 2025-10-02",
"url": "https://access.redhat.com/errata/RHSA-2025:17187"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:17298 vom 2025-10-02",
"url": "https://access.redhat.com/errata/RHSA-2025:17298"
}
],
"source_lang": "en-US",
"title": "IBM SPSS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-05T22:00:00.000+00:00",
"generator": {
"date": "2025-10-06T08:53:17.419+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2098",
"initial_release_date": "2025-09-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-09-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-05T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Analytic Server = 3.5",
"product": {
"name": "IBM SPSS Analytic Server = 3.5",
"product_id": "T047107",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spss:analytic_server__3.5"
}
}
},
{
"category": "product_version",
"name": "Analytic Server = 3.6",
"product": {
"name": "IBM SPSS Analytic Server = 3.6",
"product_id": "T047108",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spss:analytic_server__3.6"
}
}
}
],
"category": "product_name",
"name": "SPSS"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55163",
"product_status": {
"known_affected": [
"T047108",
"T047107",
"67646"
]
},
"release_date": "2025-09-21T22:00:00.000+00:00",
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-58057",
"product_status": {
"known_affected": [
"T047108",
"T047107",
"67646"
]
},
"release_date": "2025-09-21T22:00:00.000+00:00",
"title": "CVE-2025-58057"
},
{
"cve": "CVE-2025-58056",
"product_status": {
"known_affected": [
"T047108",
"T047107",
"67646"
]
},
"release_date": "2025-09-21T22:00:00.000+00:00",
"title": "CVE-2025-58056"
}
]
}
WID-SEC-W-2025-2301
Vulnerability from csaf_certbund - Published: 2025-10-14 22:00 - Updated: 2026-03-05 23:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Quarkus <3.20.3
Red Hat / Enterprise Linux
|
Quarkus <3.20.3 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM Business Automation Workflow
IBM
|
cpe:/a:ibm:business_automation_workflow:containers
|
— | |
|
HCL Commerce <25.09.17.0
HCL / Commerce
|
<25.09.17.0 | ||
|
Atlassian Jira <9.12.28
Atlassian / Jira
|
<9.12.28 | ||
|
Atlassian Jira <10.3.12
Atlassian / Jira
|
<10.3.12 | ||
|
RealObjects PDFreactor <12.4
RealObjects / PDFreactor
|
<12.4 | ||
|
Atlassian Jira <11.1.1
Atlassian / Jira
|
<11.1.1 | ||
|
IBM Storage Scale <5.2.3.5
IBM / Storage Scale
|
<5.2.3.5 | ||
|
Dell Secure Connect Gateway Appliance <5.32.00.18
Dell / Secure Connect Gateway
|
Appliance <5.32.00.18 |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2301 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2301.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2301 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2301"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:17563 vom 2025-10-14",
"url": "https://access.redhat.com/errata/RHSA-2025:17563"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:18076 vom 2025-10-15",
"url": "https://access.redhat.com/errata/RHSA-2025:18076"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2025-10-15",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0124532"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin",
"url": "https://confluence.atlassian.com/security/security-bulletin-october-21-2025-1652920034.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19077 vom 2025-10-23",
"url": "https://access.redhat.com/errata/RHSA-2025:19077"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2025-390 vom 2025-11-05",
"url": "https://www.dell.com/support/kbdoc/000385230"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21148 vom 2025-11-25",
"url": "https://access.redhat.com/errata/RHSA-2025:21148"
},
{
"category": "external",
"summary": "PDFreactor ReleaseNotes vom 2025-12-04",
"url": "https://www.pdfreactor.com/pdfreactor-12-4/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7253849 vom 2025-12-04",
"url": "https://www.ibm.com/support/pages/node/7253849"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23417 vom 2025-12-17",
"url": "https://access.redhat.com/errata/RHSA-2025:23417"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7259319 vom 2026-01-30",
"url": "https://www.ibm.com/support/pages/node/7259319"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3102 vom 2026-02-23",
"url": "https://access.redhat.com/errata/RHSA-2026:3102"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3951 vom 2026-03-05",
"url": "https://access.redhat.com/errata/RHSA-2026:3951"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-05T23:00:00.000+00:00",
"generator": {
"date": "2026-03-06T10:24:06.464+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2301",
"initial_release_date": "2025-10-14T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-10-14T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von HCL aufgenommen"
},
{
"date": "2025-10-21T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-10-23T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-04T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-11-24T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-03T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-12-04T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-12-16T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-01T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-02-23T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-05T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.1.1",
"product": {
"name": "Atlassian Jira \u003c11.1.1",
"product_id": "T048027"
}
},
{
"category": "product_version",
"name": "11.1.1",
"product": {
"name": "Atlassian Jira 11.1.1",
"product_id": "T048027-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:11.1.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.3.12",
"product": {
"name": "Atlassian Jira \u003c10.3.12",
"product_id": "T048028"
}
},
{
"category": "product_version",
"name": "10.3.12",
"product": {
"name": "Atlassian Jira 10.3.12",
"product_id": "T048028-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:10.3.12"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.12.28",
"product": {
"name": "Atlassian Jira \u003c9.12.28",
"product_id": "T048029"
}
},
{
"category": "product_version",
"name": "9.12.28",
"product": {
"name": "Atlassian Jira 9.12.28",
"product_id": "T048029-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:9.12.28"
}
}
}
],
"category": "product_name",
"name": "Jira"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Appliance \u003c5.32.00.18",
"product": {
"name": "Dell Secure Connect Gateway Appliance \u003c5.32.00.18",
"product_id": "T048301"
}
},
{
"category": "product_version",
"name": "Appliance 5.32.00.18",
"product": {
"name": "Dell Secure Connect Gateway Appliance 5.32.00.18",
"product_id": "T048301-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:secure_connect_gateway:appliance__5.32.00.18"
}
}
}
],
"category": "product_name",
"name": "Secure Connect Gateway"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c25.09.17.0",
"product": {
"name": "HCL Commerce \u003c25.09.17.0",
"product_id": "T047719"
}
},
{
"category": "product_version",
"name": "25.09.17.0",
"product": {
"name": "HCL Commerce 25.09.17.0",
"product_id": "T047719-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:25.09.17.0"
}
}
}
],
"category": "product_name",
"name": "Commerce"
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM Business Automation Workflow",
"product": {
"name": "IBM Business Automation Workflow",
"product_id": "T024464",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:containers"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.2.3.5",
"product": {
"name": "IBM Storage Scale \u003c5.2.3.5",
"product_id": "T049116"
}
},
{
"category": "product_version",
"name": "5.2.3.5",
"product": {
"name": "IBM Storage Scale 5.2.3.5",
"product_id": "T049116-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_scale:5.2.3.5"
}
}
}
],
"category": "product_name",
"name": "Storage Scale"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.4",
"product": {
"name": "RealObjects PDFreactor \u003c12.4",
"product_id": "T049106"
}
},
{
"category": "product_version",
"name": "12.4",
"product": {
"name": "RealObjects PDFreactor 12.4",
"product_id": "T049106-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:realobjects:pdfreactor:12.4"
}
}
}
],
"category": "product_name",
"name": "PDFreactor"
}
],
"category": "vendor",
"name": "RealObjects"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version_range",
"name": "Quarkus \u003c3.20.3",
"product": {
"name": "Red Hat Enterprise Linux Quarkus \u003c3.20.3",
"product_id": "T047646"
}
},
{
"category": "product_version",
"name": "Quarkus 3.20.3",
"product": {
"name": "Red Hat Enterprise Linux Quarkus 3.20.3",
"product_id": "T047646-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:quarkus_3.20.3"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58056",
"product_status": {
"known_affected": [
"T047646",
"67646",
"T024464",
"T047719",
"T048029",
"T048028",
"T049106",
"T048027",
"T049116",
"T048301"
]
},
"release_date": "2025-10-14T22:00:00.000+00:00",
"title": "CVE-2025-58056"
},
{
"cve": "CVE-2025-58057",
"product_status": {
"known_affected": [
"T047646",
"67646",
"T024464",
"T047719",
"T048029",
"T048028",
"T049106",
"T048027",
"T049116",
"T048301"
]
},
"release_date": "2025-10-14T22:00:00.000+00:00",
"title": "CVE-2025-58057"
}
]
}
WID-SEC-W-2025-2763
Vulnerability from csaf_certbund - Published: 2025-12-08 23:00 - Updated: 2025-12-08 23:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM InfoSphere Information Server <11.7.1.0
IBM / InfoSphere Information Server
|
<11.7.1.0 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM InfoSphere Information Server ist eine Softwareplattform zur Integration heterogener Daten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in IBM InfoSphere Information Server ausnutzen, um Dateien zu manipulieren, beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2763 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2763.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2763 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2763"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-12-08",
"url": "https://www.ibm.com/support/pages/node/7253659"
}
],
"source_lang": "en-US",
"title": "IBM InfoSphere Information Server (Netty, FreeScout): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-12-08T23:00:00.000+00:00",
"generator": {
"date": "2025-12-09T10:54:59.595+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2763",
"initial_release_date": "2025-12-08T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-12-08T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.7.1.0",
"product": {
"name": "IBM InfoSphere Information Server \u003c11.7.1.0",
"product_id": "T049200"
}
},
{
"category": "product_version",
"name": "11.7.1.0",
"product": {
"name": "IBM InfoSphere Information Server 11.7.1.0",
"product_id": "T049200-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:11.7.1.0"
}
}
}
],
"category": "product_name",
"name": "InfoSphere Information Server"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58056",
"product_status": {
"known_affected": [
"T049200"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2025-58056"
},
{
"cve": "CVE-2025-58057",
"product_status": {
"known_affected": [
"T049200"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2025-58057"
},
{
"cve": "CVE-2025-58163",
"product_status": {
"known_affected": [
"T049200"
]
},
"release_date": "2025-12-08T23:00:00.000+00:00",
"title": "CVE-2025-58163"
}
]
}