Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-59375 (GCVE-0-2025-59375)
Vulnerability from cvelistv5 – Published: 2025-09-15 00:00 – Updated: 2026-05-12 12:08
VLAI
EPSS
Summary
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
9 references
Impacted products
20 products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59375",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T20:22:58.509715Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T20:23:08.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-05-01T14:25:12.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/16/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/01/5"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCH328",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM324",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM328",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XCM332",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRH334 (24 V DC, 8xFO, CC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (230 V AC, 12xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (230 V AC, 8xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (24 V DC, 12xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (24 V DC, 8xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (2x230 V AC, 12xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (2x230 V AC, 8xFO)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:08:30.282Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-089022.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "libexpat",
"vendor": "libexpat project",
"versions": [
{
"lessThan": "2.7.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.7.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T13:21:47.961Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libexpat/libexpat/issues/1018"
},
{
"url": "https://github.com/libexpat/libexpat/pull/1034"
},
{
"url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"
},
{
"url": "https://issues.oss-fuzz.com/issues/439133977"
},
{
"url": "https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-59375",
"datePublished": "2025-09-15T00:00:00.000Z",
"dateReserved": "2025-09-15T00:00:00.000Z",
"dateUpdated": "2026-05-12T12:08:30.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-59375",
"date": "2026-06-04",
"epss": "0.00102",
"percentile": "0.27521"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-59375\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-09-15T03:15:40.920\",\"lastModified\":\"2026-05-12T13:17:22.640\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.2\",\"matchCriteriaId\":\"2562E072-C9E9-432C-9545-404F89D73E00\"}]}]}],\"references\":[{\"url\":\"https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/libexpat/libexpat/issues/1018\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://github.com/libexpat/libexpat/pull/1034\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://issues.oss-fuzz.com/issues/439133977\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/09/16/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/05/01/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-089022.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/09/16/2\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2026/05/01/5\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-05-01T14:25:12.055Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-59375\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-15T20:22:58.509715Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-15T20:23:05.396Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C\"}}], \"affected\": [{\"vendor\": \"libexpat project\", \"product\": \"libexpat\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.7.2\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/libexpat/libexpat/issues/1018\"}, {\"url\": \"https://github.com/libexpat/libexpat/pull/1034\"}, {\"url\": \"https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74\"}, {\"url\": \"https://issues.oss-fuzz.com/issues/439133977\"}, {\"url\": \"https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"2.7.2\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-09-17T13:21:47.961Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-59375\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-01T14:25:12.055Z\", \"dateReserved\": \"2025-09-15T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-09-15T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2025:23449
Vulnerability from csaf_redhat - Published: 2025-12-17 08:22 - Updated: 2026-06-05 01:13Summary
Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (ROCm)
Severity
Important
Notes
Topic: Red Hat AI Inference Server 3.2.5 (ROCm) is now available.
Details: Red Hat® AI Inference Server
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).
5.6 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.
6.2 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.
8.2 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A denial-of-service vulnerability in vLLM allows an attacker with API access to crash the engine by submitting multimodal embedding tensors that have the correct number of dimensions but an invalid internal shape. Because vLLM validates only the tensor’s ndim and not the full expected shape, malformed embeddings trigger shape mismatches or validation failures during processing, causing the inference engine to terminate.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model's configuration, even when explicit security measures are set to prevent it.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
84 references
Acknowledgments
jub0bs
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference Server 3.2.5 (ROCm) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae AI Inference Server",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23449",
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22869",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47906",
"url": "https://access.redhat.com/security/cve/CVE-2025-47906"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52565",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62164",
"url": "https://access.redhat.com/security/cve/CVE-2025-62164"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62372",
"url": "https://access.redhat.com/security/cve/CVE-2025-62372"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66448",
"url": "https://access.redhat.com/security/cve/CVE-2025-66448"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9230",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23449.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference Server 3.2.5 (ROCm)",
"tracking": {
"current_release_date": "2026-06-05T01:13:21+00:00",
"generator": {
"date": "2026-06-05T01:13:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:23449",
"initial_release_date": "2025-12-17T08:22:31+00:00",
"revision_history": [
{
"date": "2025-12-17T08:22:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-17T08:22:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T01:13:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.2",
"product": {
"name": "Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64",
"product": {
"name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64",
"product_id": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-rocm-rhel9@sha256%3Ac5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=3.2.5-1765552603"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
},
"product_reference": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-09-17T12:15:34.387000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability was rated as Moderate because, while the potential impact includes an application level denial of service and possible arbitrary code execution, successful exploitation is considered unlikely due to the high attack complexity and the fact that password-based CMS encryption (PWRI) is rarely used in real-world deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "RHBZ#2396054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
}
],
"release_date": "2025-09-30T23:59:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-22869",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-02-26T04:00:47.683125+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "RHBZ#2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://go.dev/cl/652135",
"url": "https://go.dev/cl/652135"
},
{
"category": "external",
"summary": "https://go.dev/issue/71931",
"url": "https://go.dev/issue/71931"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3487",
"url": "https://pkg.go.dev/vuln/GO-2025-3487"
}
],
"release_date": "2025-02-26T03:07:48.855000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
},
{
"cve": "CVE-2025-47906",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2025-09-18T19:00:47.541046+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396546"
}
],
"notes": [
{
"category": "description",
"text": "A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "os/exec: Unexpected paths returned from LookPath in os/exec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47906"
},
{
"category": "external",
"summary": "RHBZ#2396546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47906"
},
{
"category": "external",
"summary": "https://go.dev/cl/691775",
"url": "https://go.dev/cl/691775"
},
{
"category": "external",
"summary": "https://go.dev/issue/74466",
"url": "https://go.dev/issue/74466"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3956",
"url": "https://pkg.go.dev/vuln/GO-2025-3956"
}
],
"release_date": "2025-09-18T18:41:11.847000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "os/exec: Unexpected paths returned from LookPath in os/exec"
},
{
"cve": "CVE-2025-52565",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.653000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404708"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console\nbind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: container escape with malicious config due to /dev/console mount and related races",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "RHBZ#2404708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404708"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r"
}
],
"release_date": "2025-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix DAC and thus user namespaces stop a container process from being able to write to them.\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n* The default SELinux policy should mitigate this issue, as the /dev/console bind-mount does not re-label the mount and so the container process should not be able to write to unsafe procfs files. However, CVE-2025-52881 allows an attacker to bypass LSM labels, and so this mitigation is not helpful when considered in combination with CVE-2025-52881.\n* The default AppArmor profile used by most runtimes will NOT help mitigate this issue, as /dev/console access is permitted. You could create a custom profile that blocks access to /dev/console, but such a profile might break regular containers. In addition, CVE-2025-52881 allows an attacker to bypass LSM labels, and so that mitigation is not helpful when considered in combination with CVE-2025-52881.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: container escape with malicious config due to /dev/console mount and related races"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
},
{
"cve": "CVE-2025-62164",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-21T02:01:11.280042+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416282"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered important rather than moderate because it involves unsafe deserialization leading to memory corruption in a network-reachable, unauthenticated API path. Unlike typical moderate flaws that may only allow limited DoS or require specific conditions, this issue allows an attacker to supply a crafted sparse tensor that triggers an out-of-bounds memory write during PyTorch\u2019s to_dense() conversion. Memory corruption in a server process handling untrusted input significantly elevates security risk because it can lead not only to a reliable crash but also to potential remote code execution, enabling full compromise of the vLLM service. Additionally, the affected code path is part of the standard Completions API workflow, making the attack surface broadly exposed in real deployments. The combination of remote exploitability, unauthenticated access, memory corruption, and potential RCE clearly positions this issue above a moderate classification and into an important severity level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62164"
},
{
"category": "external",
"summary": "RHBZ#2416282",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416282"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
"url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/27204",
"url": "https://github.com/vllm-project/vllm/pull/27204"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf"
}
],
"release_date": "2025-11-21T01:18:38.803000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE"
},
{
"cve": "CVE-2025-62372",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2025-11-21T02:00:57.180567+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416280"
}
],
"notes": [
{
"category": "description",
"text": "A denial-of-service vulnerability in vLLM allows an attacker with API access to crash the engine by submitting multimodal embedding tensors that have the correct number of dimensions but an invalid internal shape. Because vLLM validates only the tensor\u2019s ndim and not the full expected shape, malformed embeddings trigger shape mismatches or validation failures during processing, causing the inference engine to terminate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated Moderate rather than Important because its impact is strictly limited to availability and requires low but existing privileges to exploit. The issue arises from incomplete shape validation of multimodal embedding tensors, which can cause deterministic crashes in the inference engine, but it does not enable memory corruption, data leakage, integrity compromise, or execution of arbitrary code. Exploitation requires an authenticated or API-key-holding user to submit malformed multimodal inputs, meaning it cannot be triggered by an unauthenticated attacker on an exposed endpoint. Additionally, the failure mode is a clean crash rather than undefined behavior, so the blast radius is constrained to service interruption rather than broader systemic compromise. These factors\u2014PR:L requirement, no confidentiality/integrity impact, deterministic failure mode, and scoped DoS only\u2014technically align the issue with Moderate severity instead of an Important flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62372"
},
{
"category": "external",
"summary": "RHBZ#2416280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416280"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62372"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
"url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/27204",
"url": "https://github.com/vllm-project/vllm/pull/27204"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/6613",
"url": "https://github.com/vllm-project/vllm/pull/6613"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw"
}
],
"release_date": "2025-11-21T01:22:37.121000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs"
},
{
"cve": "CVE-2025-66448",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-12-01T23:01:07.198041+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418152"
}
],
"notes": [
{
"category": "description",
"text": "A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model\u0027s configuration, even when explicit security measures are set to prevent it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Remote Code Execution via malicious model configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat because vLLM, when deployed in a Red Hat environment, is susceptible to remote code execution. An attacker can craft a malicious model configuration that, when loaded, fetches and executes arbitrary Python code from a remote repository, even if `trust_remote_code` is explicitly set to `False`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66448"
},
{
"category": "external",
"summary": "RHBZ#2418152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66448"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86",
"url": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/28126",
"url": "https://github.com/vllm-project/vllm/pull/28126"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm"
}
],
"release_date": "2025-12-01T22:45:42.566000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: vLLM: Remote Code Execution via malicious model configuration"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T08:22:31+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:23449",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:c5efe40fa2a6e98d7d3d6676befff0dbbd87b2887769bb7e5856c5b0b0ada125_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
}
]
}
RHSA-2025:23550
Vulnerability from csaf_redhat - Published: 2025-12-17 20:50 - Updated: 2026-06-02 15:25Summary
Red Hat Security Advisory: RHSA 4.8.7 security and bug fix update
Severity
Important
Notes
Topic: Updated images are now available for Red Hat Advanced Cluster Security
(RHACS), which typically include new features, bug fixes, and/or
security patches.
Details: See the release notes (link in the references section) for a
description of the fixes and enhancements in this particular release.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0c0992ea41ed0e01478199af484e921d472a1b1e34e09fe4ae7faa6009f0318e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:418a951de9a504a26ff31ef7f267cc6af7574a75de21d704cf1693d15c307e58_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9acf24325543bd8570f410a120450b71fe64ff769a6f8e387ff95bd1022856dd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a269cd0991720451bde21df2a4c9186acc971b76ea9b07863e5919a8522d606a_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:01afee5bfa92b8c5220b33f1610b8ae6c7611a802e43904c42014c9eda0c5586_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:33f3717c6f55ae602bf05c7f369082fc26f5948965659b945cc4b58d21346f6a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:45a6429f750545190f0ccf20398402b45e9f1b6c58da928a3646c6b8bf953b61_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:978b887e3c156ccac9c88c6e7faf6dc3c8f4add830e136305728bb8ad9412183_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:167aba25291e12b7b35098c72f48d81243c0388e12435b600516b8301f9414d9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5357318c90aeb742442e2db7cbc2877a784b5d70b587b69dfad1eb327f553900_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:7ad736268d5717923de2308f8ee8b6a492d54ace29dea6654b15b19b5e72cc10_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:bd8e764d37d7f0ff5e637bbf7d56572eb1f560d82767593774cd10b84d1ddd93_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:311585facdfee155f466002f3ab4a804555f18cb34ce4eaa291f49ff8b117bb4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:899e6c4761d0c70e04629f73e9e5b7ee03b1f8cb05580ffc32116e522b278039_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:b083c3f0682749eb4d9218e27440c48ddb3553d0b0c5e596aa00f4623d3a1230_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:ca54cda9c9dc5057bf358d8726da096536693699d7afe35894771ded1e8344fc_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:24481e3ee1dab49893e7f5891e97e3287ec6f35105b6e927ce0acc7da24a6982_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:7f628638e169ff2c041d52a6d99387ca6e7d0829861c963a5a31c5e60c90af4f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:8db769981b2fecc5f079f4ab106d62b9cbf92f112f75119bd7508acaec8952e7_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9e9abaf0df077ca0d0f7ed49423f42dfa9fa591ac2aff0eb7ff4e5895fc91aa7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:c08e5f2f4d01dd3c75f65cc731e12658a4d1e17d6b3113ce1dc2ae5799852705_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:663b633499c8230fb47d4e8c0094403edc8b9c7b74aea5d56fe84bb18a1500c4_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6c17ff5115ebe1206681f282c6cf32dfe5f94db8a2ab779512a8e09553a8b92b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:798b8dd5a606592f6a3b5a3446ca88232c6450619db8d0c83af2f1fa827791bc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b72a08265a5f91bff282d2cbcb7f2deea0f6dc4d929cb52b1d07476e431be150_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1b6d931578d1e5e82e305e62a8328278b8292d63ef70a88b436fae6c171905b5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:5ebb6a165c63a0f72a6fcc01c247a5597fd87bd87ce7d2b20745240a1da7b7fb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8470fd7f948c8195ec63ebf39e9589ceecb6b5cdf8b71f786cb32f602c8a1eef_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:db4be4eefce4730e4435bfd1abe06c8582e19d8e638b30234baaff30800e5443_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:10b596212408e9e8304a39069ed23e4c1c9217c549a3974197847c7855c4e253_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:7aa506c702445f4a3b69566ee299d5a943d3b9991a4a23c6961ed4e42690af3b_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:81901a90ba59fe931cf0223d8cad5e5d1d970151d3a59493ca724d59e9e6493b_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:976ad47ea4c9cf62e17b59256fedf7f32ec779ae808262c0e1e1a7779705f083_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:25c12ba6503e762b1310b02c8b2b28f6963b01f4c26dc4553fcadcf046234de0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8c3b996bfda0c74b39b1f134a7a62c3286e033bc4ecb4d11ff910231986472ac_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c3ba85a02158d1390946b2f1170faeba8cc1e21bcf00def01cd1dceffe459dab_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d27ce90fd808d98e64b05043e50350437bed84d075db1c3ea3d23475613b78d6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:103b45a6d4032d2f2aad80f200093870415741a94e45969af5cb9ac74b9d90fb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4dba7b25b2129a6d448e5dc27a669b2ad963bc5efadff3fac73f583afcc717b1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4ef9767e1c7d6f790adc8440ea76510c7654bffa490399445c98eeaf140a758f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:fc61f8f1c43661c4861c451a14ea801af7fee7789cc42a454221bfbc06b12528_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:416bcfa0abc17b80b446461a1a7279531f8d2e0961112eed3746c2defcefc862_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9f5d9350bb2cc0e84928860b021f769df3047f3eb9c8dc870af7ecf6af991496_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c502c6976b2a3bb72a08bc5a15e534dbb02dd792f05b2081d74cf4dca85cf37e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e3ebd256fdda682e6f9145d88bf425b47dcef5c9aff49667fc80aa4468603319_ppc64le | — |
Workaround
|
Threats
Impact
Important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat Advanced Cluster Security\n(RHACS), which typically include new features, bug fixes, and/or\nsecurity patches.",
"title": "Topic"
},
{
"category": "general",
"text": "See the release notes (link in the references section) for a\ndescription of the fixes and enhancements in this particular release.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23550",
"url": "https://access.redhat.com/errata/RHSA-2025:23550"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.8/html-single/release_notes/index#about-this-release-487_release-notes-48",
"url": "https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_security_for_kubernetes/4.8/html-single/release_notes/index#about-this-release-487_release-notes-48"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23550.json"
}
],
"title": "Red Hat Security Advisory: RHSA 4.8.7 security and bug fix update",
"tracking": {
"current_release_date": "2026-06-02T15:25:13+00:00",
"generator": {
"date": "2026-06-02T15:25:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:23550",
"initial_release_date": "2025-12-17T20:50:30+00:00",
"revision_history": [
{
"date": "2025-12-17T20:50:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-17T20:50:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:25:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product": {
"name": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Security for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:663b633499c8230fb47d4e8c0094403edc8b9c7b74aea5d56fe84bb18a1500c4_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:663b633499c8230fb47d4e8c0094403edc8b9c7b74aea5d56fe84bb18a1500c4_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:663b633499c8230fb47d4e8c0094403edc8b9c7b74aea5d56fe84bb18a1500c4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3A663b633499c8230fb47d4e8c0094403edc8b9c7b74aea5d56fe84bb18a1500c4?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:978b887e3c156ccac9c88c6e7faf6dc3c8f4add830e136305728bb8ad9412183_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:978b887e3c156ccac9c88c6e7faf6dc3c8f4add830e136305728bb8ad9412183_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:978b887e3c156ccac9c88c6e7faf6dc3c8f4add830e136305728bb8ad9412183_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A978b887e3c156ccac9c88c6e7faf6dc3c8f4add830e136305728bb8ad9412183?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:167aba25291e12b7b35098c72f48d81243c0388e12435b600516b8301f9414d9_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:167aba25291e12b7b35098c72f48d81243c0388e12435b600516b8301f9414d9_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:167aba25291e12b7b35098c72f48d81243c0388e12435b600516b8301f9414d9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A167aba25291e12b7b35098c72f48d81243c0388e12435b600516b8301f9414d9?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:311585facdfee155f466002f3ab4a804555f18cb34ce4eaa291f49ff8b117bb4_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:311585facdfee155f466002f3ab4a804555f18cb34ce4eaa291f49ff8b117bb4_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:311585facdfee155f466002f3ab4a804555f18cb34ce4eaa291f49ff8b117bb4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A311585facdfee155f466002f3ab4a804555f18cb34ce4eaa291f49ff8b117bb4?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:8db769981b2fecc5f079f4ab106d62b9cbf92f112f75119bd7508acaec8952e7_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:8db769981b2fecc5f079f4ab106d62b9cbf92f112f75119bd7508acaec8952e7_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:8db769981b2fecc5f079f4ab106d62b9cbf92f112f75119bd7508acaec8952e7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A8db769981b2fecc5f079f4ab106d62b9cbf92f112f75119bd7508acaec8952e7?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:81901a90ba59fe931cf0223d8cad5e5d1d970151d3a59493ca724d59e9e6493b_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:81901a90ba59fe931cf0223d8cad5e5d1d970151d3a59493ca724d59e9e6493b_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:81901a90ba59fe931cf0223d8cad5e5d1d970151d3a59493ca724d59e9e6493b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A81901a90ba59fe931cf0223d8cad5e5d1d970151d3a59493ca724d59e9e6493b?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:5ebb6a165c63a0f72a6fcc01c247a5597fd87bd87ce7d2b20745240a1da7b7fb_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:5ebb6a165c63a0f72a6fcc01c247a5597fd87bd87ce7d2b20745240a1da7b7fb_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:5ebb6a165c63a0f72a6fcc01c247a5597fd87bd87ce7d2b20745240a1da7b7fb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3A5ebb6a165c63a0f72a6fcc01c247a5597fd87bd87ce7d2b20745240a1da7b7fb?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a269cd0991720451bde21df2a4c9186acc971b76ea9b07863e5919a8522d606a_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a269cd0991720451bde21df2a4c9186acc971b76ea9b07863e5919a8522d606a_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a269cd0991720451bde21df2a4c9186acc971b76ea9b07863e5919a8522d606a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3Aa269cd0991720451bde21df2a4c9186acc971b76ea9b07863e5919a8522d606a?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c3ba85a02158d1390946b2f1170faeba8cc1e21bcf00def01cd1dceffe459dab_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c3ba85a02158d1390946b2f1170faeba8cc1e21bcf00def01cd1dceffe459dab_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c3ba85a02158d1390946b2f1170faeba8cc1e21bcf00def01cd1dceffe459dab_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3Ac3ba85a02158d1390946b2f1170faeba8cc1e21bcf00def01cd1dceffe459dab?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:416bcfa0abc17b80b446461a1a7279531f8d2e0961112eed3746c2defcefc862_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:416bcfa0abc17b80b446461a1a7279531f8d2e0961112eed3746c2defcefc862_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:416bcfa0abc17b80b446461a1a7279531f8d2e0961112eed3746c2defcefc862_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3A416bcfa0abc17b80b446461a1a7279531f8d2e0961112eed3746c2defcefc862?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:fc61f8f1c43661c4861c451a14ea801af7fee7789cc42a454221bfbc06b12528_arm64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:fc61f8f1c43661c4861c451a14ea801af7fee7789cc42a454221bfbc06b12528_arm64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:fc61f8f1c43661c4861c451a14ea801af7fee7789cc42a454221bfbc06b12528_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3Afc61f8f1c43661c4861c451a14ea801af7fee7789cc42a454221bfbc06b12528?arch=arm64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:798b8dd5a606592f6a3b5a3446ca88232c6450619db8d0c83af2f1fa827791bc_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:798b8dd5a606592f6a3b5a3446ca88232c6450619db8d0c83af2f1fa827791bc_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:798b8dd5a606592f6a3b5a3446ca88232c6450619db8d0c83af2f1fa827791bc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3A798b8dd5a606592f6a3b5a3446ca88232c6450619db8d0c83af2f1fa827791bc?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:01afee5bfa92b8c5220b33f1610b8ae6c7611a802e43904c42014c9eda0c5586_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:01afee5bfa92b8c5220b33f1610b8ae6c7611a802e43904c42014c9eda0c5586_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:01afee5bfa92b8c5220b33f1610b8ae6c7611a802e43904c42014c9eda0c5586_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A01afee5bfa92b8c5220b33f1610b8ae6c7611a802e43904c42014c9eda0c5586?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:bd8e764d37d7f0ff5e637bbf7d56572eb1f560d82767593774cd10b84d1ddd93_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:bd8e764d37d7f0ff5e637bbf7d56572eb1f560d82767593774cd10b84d1ddd93_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:bd8e764d37d7f0ff5e637bbf7d56572eb1f560d82767593774cd10b84d1ddd93_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3Abd8e764d37d7f0ff5e637bbf7d56572eb1f560d82767593774cd10b84d1ddd93?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:899e6c4761d0c70e04629f73e9e5b7ee03b1f8cb05580ffc32116e522b278039_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:899e6c4761d0c70e04629f73e9e5b7ee03b1f8cb05580ffc32116e522b278039_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:899e6c4761d0c70e04629f73e9e5b7ee03b1f8cb05580ffc32116e522b278039_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3A899e6c4761d0c70e04629f73e9e5b7ee03b1f8cb05580ffc32116e522b278039?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:c08e5f2f4d01dd3c75f65cc731e12658a4d1e17d6b3113ce1dc2ae5799852705_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:c08e5f2f4d01dd3c75f65cc731e12658a4d1e17d6b3113ce1dc2ae5799852705_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:c08e5f2f4d01dd3c75f65cc731e12658a4d1e17d6b3113ce1dc2ae5799852705_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3Ac08e5f2f4d01dd3c75f65cc731e12658a4d1e17d6b3113ce1dc2ae5799852705?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:976ad47ea4c9cf62e17b59256fedf7f32ec779ae808262c0e1e1a7779705f083_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:976ad47ea4c9cf62e17b59256fedf7f32ec779ae808262c0e1e1a7779705f083_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:976ad47ea4c9cf62e17b59256fedf7f32ec779ae808262c0e1e1a7779705f083_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A976ad47ea4c9cf62e17b59256fedf7f32ec779ae808262c0e1e1a7779705f083?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8470fd7f948c8195ec63ebf39e9589ceecb6b5cdf8b71f786cb32f602c8a1eef_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8470fd7f948c8195ec63ebf39e9589ceecb6b5cdf8b71f786cb32f602c8a1eef_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8470fd7f948c8195ec63ebf39e9589ceecb6b5cdf8b71f786cb32f602c8a1eef_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3A8470fd7f948c8195ec63ebf39e9589ceecb6b5cdf8b71f786cb32f602c8a1eef?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:418a951de9a504a26ff31ef7f267cc6af7574a75de21d704cf1693d15c307e58_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:418a951de9a504a26ff31ef7f267cc6af7574a75de21d704cf1693d15c307e58_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:418a951de9a504a26ff31ef7f267cc6af7574a75de21d704cf1693d15c307e58_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3A418a951de9a504a26ff31ef7f267cc6af7574a75de21d704cf1693d15c307e58?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d27ce90fd808d98e64b05043e50350437bed84d075db1c3ea3d23475613b78d6_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d27ce90fd808d98e64b05043e50350437bed84d075db1c3ea3d23475613b78d6_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d27ce90fd808d98e64b05043e50350437bed84d075db1c3ea3d23475613b78d6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3Ad27ce90fd808d98e64b05043e50350437bed84d075db1c3ea3d23475613b78d6?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e3ebd256fdda682e6f9145d88bf425b47dcef5c9aff49667fc80aa4468603319_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e3ebd256fdda682e6f9145d88bf425b47dcef5c9aff49667fc80aa4468603319_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e3ebd256fdda682e6f9145d88bf425b47dcef5c9aff49667fc80aa4468603319_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3Ae3ebd256fdda682e6f9145d88bf425b47dcef5c9aff49667fc80aa4468603319?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4ef9767e1c7d6f790adc8440ea76510c7654bffa490399445c98eeaf140a758f_ppc64le",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4ef9767e1c7d6f790adc8440ea76510c7654bffa490399445c98eeaf140a758f_ppc64le",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4ef9767e1c7d6f790adc8440ea76510c7654bffa490399445c98eeaf140a758f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3A4ef9767e1c7d6f790adc8440ea76510c7654bffa490399445c98eeaf140a758f?arch=ppc64le\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:33f3717c6f55ae602bf05c7f369082fc26f5948965659b945cc4b58d21346f6a_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:33f3717c6f55ae602bf05c7f369082fc26f5948965659b945cc4b58d21346f6a_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:33f3717c6f55ae602bf05c7f369082fc26f5948965659b945cc4b58d21346f6a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A33f3717c6f55ae602bf05c7f369082fc26f5948965659b945cc4b58d21346f6a?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:7ad736268d5717923de2308f8ee8b6a492d54ace29dea6654b15b19b5e72cc10_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:7ad736268d5717923de2308f8ee8b6a492d54ace29dea6654b15b19b5e72cc10_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:7ad736268d5717923de2308f8ee8b6a492d54ace29dea6654b15b19b5e72cc10_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A7ad736268d5717923de2308f8ee8b6a492d54ace29dea6654b15b19b5e72cc10?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:b083c3f0682749eb4d9218e27440c48ddb3553d0b0c5e596aa00f4623d3a1230_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:b083c3f0682749eb4d9218e27440c48ddb3553d0b0c5e596aa00f4623d3a1230_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:b083c3f0682749eb4d9218e27440c48ddb3553d0b0c5e596aa00f4623d3a1230_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3Ab083c3f0682749eb4d9218e27440c48ddb3553d0b0c5e596aa00f4623d3a1230?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9e9abaf0df077ca0d0f7ed49423f42dfa9fa591ac2aff0eb7ff4e5895fc91aa7_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9e9abaf0df077ca0d0f7ed49423f42dfa9fa591ac2aff0eb7ff4e5895fc91aa7_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9e9abaf0df077ca0d0f7ed49423f42dfa9fa591ac2aff0eb7ff4e5895fc91aa7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A9e9abaf0df077ca0d0f7ed49423f42dfa9fa591ac2aff0eb7ff4e5895fc91aa7?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:24481e3ee1dab49893e7f5891e97e3287ec6f35105b6e927ce0acc7da24a6982_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:24481e3ee1dab49893e7f5891e97e3287ec6f35105b6e927ce0acc7da24a6982_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:24481e3ee1dab49893e7f5891e97e3287ec6f35105b6e927ce0acc7da24a6982_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-operator-bundle@sha256%3A24481e3ee1dab49893e7f5891e97e3287ec6f35105b6e927ce0acc7da24a6982?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6c17ff5115ebe1206681f282c6cf32dfe5f94db8a2ab779512a8e09553a8b92b_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6c17ff5115ebe1206681f282c6cf32dfe5f94db8a2ab779512a8e09553a8b92b_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6c17ff5115ebe1206681f282c6cf32dfe5f94db8a2ab779512a8e09553a8b92b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3A6c17ff5115ebe1206681f282c6cf32dfe5f94db8a2ab779512a8e09553a8b92b?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:10b596212408e9e8304a39069ed23e4c1c9217c549a3974197847c7855c4e253_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:10b596212408e9e8304a39069ed23e4c1c9217c549a3974197847c7855c4e253_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:10b596212408e9e8304a39069ed23e4c1c9217c549a3974197847c7855c4e253_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A10b596212408e9e8304a39069ed23e4c1c9217c549a3974197847c7855c4e253?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:db4be4eefce4730e4435bfd1abe06c8582e19d8e638b30234baaff30800e5443_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:db4be4eefce4730e4435bfd1abe06c8582e19d8e638b30234baaff30800e5443_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:db4be4eefce4730e4435bfd1abe06c8582e19d8e638b30234baaff30800e5443_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3Adb4be4eefce4730e4435bfd1abe06c8582e19d8e638b30234baaff30800e5443?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9acf24325543bd8570f410a120450b71fe64ff769a6f8e387ff95bd1022856dd_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9acf24325543bd8570f410a120450b71fe64ff769a6f8e387ff95bd1022856dd_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9acf24325543bd8570f410a120450b71fe64ff769a6f8e387ff95bd1022856dd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3A9acf24325543bd8570f410a120450b71fe64ff769a6f8e387ff95bd1022856dd?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:25c12ba6503e762b1310b02c8b2b28f6963b01f4c26dc4553fcadcf046234de0_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:25c12ba6503e762b1310b02c8b2b28f6963b01f4c26dc4553fcadcf046234de0_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:25c12ba6503e762b1310b02c8b2b28f6963b01f4c26dc4553fcadcf046234de0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3A25c12ba6503e762b1310b02c8b2b28f6963b01f4c26dc4553fcadcf046234de0?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c502c6976b2a3bb72a08bc5a15e534dbb02dd792f05b2081d74cf4dca85cf37e_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c502c6976b2a3bb72a08bc5a15e534dbb02dd792f05b2081d74cf4dca85cf37e_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c502c6976b2a3bb72a08bc5a15e534dbb02dd792f05b2081d74cf4dca85cf37e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3Ac502c6976b2a3bb72a08bc5a15e534dbb02dd792f05b2081d74cf4dca85cf37e?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:103b45a6d4032d2f2aad80f200093870415741a94e45969af5cb9ac74b9d90fb_amd64",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:103b45a6d4032d2f2aad80f200093870415741a94e45969af5cb9ac74b9d90fb_amd64",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:103b45a6d4032d2f2aad80f200093870415741a94e45969af5cb9ac74b9d90fb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3A103b45a6d4032d2f2aad80f200093870415741a94e45969af5cb9ac74b9d90fb?arch=amd64\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:45a6429f750545190f0ccf20398402b45e9f1b6c58da928a3646c6b8bf953b61_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:45a6429f750545190f0ccf20398402b45e9f1b6c58da928a3646c6b8bf953b61_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:45a6429f750545190f0ccf20398402b45e9f1b6c58da928a3646c6b8bf953b61_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-central-db-rhel8@sha256%3A45a6429f750545190f0ccf20398402b45e9f1b6c58da928a3646c6b8bf953b61?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5357318c90aeb742442e2db7cbc2877a784b5d70b587b69dfad1eb327f553900_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5357318c90aeb742442e2db7cbc2877a784b5d70b587b69dfad1eb327f553900_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5357318c90aeb742442e2db7cbc2877a784b5d70b587b69dfad1eb327f553900_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-collector-rhel8@sha256%3A5357318c90aeb742442e2db7cbc2877a784b5d70b587b69dfad1eb327f553900?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:ca54cda9c9dc5057bf358d8726da096536693699d7afe35894771ded1e8344fc_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:ca54cda9c9dc5057bf358d8726da096536693699d7afe35894771ded1e8344fc_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:ca54cda9c9dc5057bf358d8726da096536693699d7afe35894771ded1e8344fc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-main-rhel8@sha256%3Aca54cda9c9dc5057bf358d8726da096536693699d7afe35894771ded1e8344fc?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:7f628638e169ff2c041d52a6d99387ca6e7d0829861c963a5a31c5e60c90af4f_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:7f628638e169ff2c041d52a6d99387ca6e7d0829861c963a5a31c5e60c90af4f_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:7f628638e169ff2c041d52a6d99387ca6e7d0829861c963a5a31c5e60c90af4f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-rhel8-operator@sha256%3A7f628638e169ff2c041d52a6d99387ca6e7d0829861c963a5a31c5e60c90af4f?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b72a08265a5f91bff282d2cbcb7f2deea0f6dc4d929cb52b1d07476e431be150_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b72a08265a5f91bff282d2cbcb7f2deea0f6dc4d929cb52b1d07476e431be150_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b72a08265a5f91bff282d2cbcb7f2deea0f6dc4d929cb52b1d07476e431be150_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-roxctl-rhel8@sha256%3Ab72a08265a5f91bff282d2cbcb7f2deea0f6dc4d929cb52b1d07476e431be150?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:7aa506c702445f4a3b69566ee299d5a943d3b9991a4a23c6961ed4e42690af3b_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:7aa506c702445f4a3b69566ee299d5a943d3b9991a4a23c6961ed4e42690af3b_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:7aa506c702445f4a3b69566ee299d5a943d3b9991a4a23c6961ed4e42690af3b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-rhel8@sha256%3A7aa506c702445f4a3b69566ee299d5a943d3b9991a4a23c6961ed4e42690af3b?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1b6d931578d1e5e82e305e62a8328278b8292d63ef70a88b436fae6c171905b5_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1b6d931578d1e5e82e305e62a8328278b8292d63ef70a88b436fae6c171905b5_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1b6d931578d1e5e82e305e62a8328278b8292d63ef70a88b436fae6c171905b5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-rhel8@sha256%3A1b6d931578d1e5e82e305e62a8328278b8292d63ef70a88b436fae6c171905b5?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0c0992ea41ed0e01478199af484e921d472a1b1e34e09fe4ae7faa6009f0318e_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0c0992ea41ed0e01478199af484e921d472a1b1e34e09fe4ae7faa6009f0318e_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0c0992ea41ed0e01478199af484e921d472a1b1e34e09fe4ae7faa6009f0318e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-db-slim-rhel8@sha256%3A0c0992ea41ed0e01478199af484e921d472a1b1e34e09fe4ae7faa6009f0318e?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8c3b996bfda0c74b39b1f134a7a62c3286e033bc4ecb4d11ff910231986472ac_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8c3b996bfda0c74b39b1f134a7a62c3286e033bc4ecb4d11ff910231986472ac_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8c3b996bfda0c74b39b1f134a7a62c3286e033bc4ecb4d11ff910231986472ac_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-slim-rhel8@sha256%3A8c3b996bfda0c74b39b1f134a7a62c3286e033bc4ecb4d11ff910231986472ac?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9f5d9350bb2cc0e84928860b021f769df3047f3eb9c8dc870af7ecf6af991496_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9f5d9350bb2cc0e84928860b021f769df3047f3eb9c8dc870af7ecf6af991496_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9f5d9350bb2cc0e84928860b021f769df3047f3eb9c8dc870af7ecf6af991496_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-rhel8@sha256%3A9f5d9350bb2cc0e84928860b021f769df3047f3eb9c8dc870af7ecf6af991496?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4dba7b25b2129a6d448e5dc27a669b2ad963bc5efadff3fac73f583afcc717b1_s390x",
"product": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4dba7b25b2129a6d448e5dc27a669b2ad963bc5efadff3fac73f583afcc717b1_s390x",
"product_id": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4dba7b25b2129a6d448e5dc27a669b2ad963bc5efadff3fac73f583afcc717b1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhacs-scanner-v4-db-rhel8@sha256%3A4dba7b25b2129a6d448e5dc27a669b2ad963bc5efadff3fac73f583afcc717b1?arch=s390x\u0026repository_url=registry.redhat.io/advanced-cluster-security"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:01afee5bfa92b8c5220b33f1610b8ae6c7611a802e43904c42014c9eda0c5586_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:01afee5bfa92b8c5220b33f1610b8ae6c7611a802e43904c42014c9eda0c5586_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:01afee5bfa92b8c5220b33f1610b8ae6c7611a802e43904c42014c9eda0c5586_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:33f3717c6f55ae602bf05c7f369082fc26f5948965659b945cc4b58d21346f6a_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:33f3717c6f55ae602bf05c7f369082fc26f5948965659b945cc4b58d21346f6a_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:33f3717c6f55ae602bf05c7f369082fc26f5948965659b945cc4b58d21346f6a_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:45a6429f750545190f0ccf20398402b45e9f1b6c58da928a3646c6b8bf953b61_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:45a6429f750545190f0ccf20398402b45e9f1b6c58da928a3646c6b8bf953b61_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:45a6429f750545190f0ccf20398402b45e9f1b6c58da928a3646c6b8bf953b61_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:978b887e3c156ccac9c88c6e7faf6dc3c8f4add830e136305728bb8ad9412183_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:978b887e3c156ccac9c88c6e7faf6dc3c8f4add830e136305728bb8ad9412183_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:978b887e3c156ccac9c88c6e7faf6dc3c8f4add830e136305728bb8ad9412183_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:167aba25291e12b7b35098c72f48d81243c0388e12435b600516b8301f9414d9_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:167aba25291e12b7b35098c72f48d81243c0388e12435b600516b8301f9414d9_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:167aba25291e12b7b35098c72f48d81243c0388e12435b600516b8301f9414d9_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5357318c90aeb742442e2db7cbc2877a784b5d70b587b69dfad1eb327f553900_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5357318c90aeb742442e2db7cbc2877a784b5d70b587b69dfad1eb327f553900_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5357318c90aeb742442e2db7cbc2877a784b5d70b587b69dfad1eb327f553900_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:7ad736268d5717923de2308f8ee8b6a492d54ace29dea6654b15b19b5e72cc10_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:7ad736268d5717923de2308f8ee8b6a492d54ace29dea6654b15b19b5e72cc10_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:7ad736268d5717923de2308f8ee8b6a492d54ace29dea6654b15b19b5e72cc10_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:bd8e764d37d7f0ff5e637bbf7d56572eb1f560d82767593774cd10b84d1ddd93_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:bd8e764d37d7f0ff5e637bbf7d56572eb1f560d82767593774cd10b84d1ddd93_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:bd8e764d37d7f0ff5e637bbf7d56572eb1f560d82767593774cd10b84d1ddd93_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:311585facdfee155f466002f3ab4a804555f18cb34ce4eaa291f49ff8b117bb4_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:311585facdfee155f466002f3ab4a804555f18cb34ce4eaa291f49ff8b117bb4_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:311585facdfee155f466002f3ab4a804555f18cb34ce4eaa291f49ff8b117bb4_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:899e6c4761d0c70e04629f73e9e5b7ee03b1f8cb05580ffc32116e522b278039_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:899e6c4761d0c70e04629f73e9e5b7ee03b1f8cb05580ffc32116e522b278039_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:899e6c4761d0c70e04629f73e9e5b7ee03b1f8cb05580ffc32116e522b278039_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:b083c3f0682749eb4d9218e27440c48ddb3553d0b0c5e596aa00f4623d3a1230_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:b083c3f0682749eb4d9218e27440c48ddb3553d0b0c5e596aa00f4623d3a1230_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:b083c3f0682749eb4d9218e27440c48ddb3553d0b0c5e596aa00f4623d3a1230_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:ca54cda9c9dc5057bf358d8726da096536693699d7afe35894771ded1e8344fc_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:ca54cda9c9dc5057bf358d8726da096536693699d7afe35894771ded1e8344fc_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:ca54cda9c9dc5057bf358d8726da096536693699d7afe35894771ded1e8344fc_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:24481e3ee1dab49893e7f5891e97e3287ec6f35105b6e927ce0acc7da24a6982_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:24481e3ee1dab49893e7f5891e97e3287ec6f35105b6e927ce0acc7da24a6982_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:24481e3ee1dab49893e7f5891e97e3287ec6f35105b6e927ce0acc7da24a6982_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:7f628638e169ff2c041d52a6d99387ca6e7d0829861c963a5a31c5e60c90af4f_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:7f628638e169ff2c041d52a6d99387ca6e7d0829861c963a5a31c5e60c90af4f_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:7f628638e169ff2c041d52a6d99387ca6e7d0829861c963a5a31c5e60c90af4f_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:8db769981b2fecc5f079f4ab106d62b9cbf92f112f75119bd7508acaec8952e7_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:8db769981b2fecc5f079f4ab106d62b9cbf92f112f75119bd7508acaec8952e7_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:8db769981b2fecc5f079f4ab106d62b9cbf92f112f75119bd7508acaec8952e7_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9e9abaf0df077ca0d0f7ed49423f42dfa9fa591ac2aff0eb7ff4e5895fc91aa7_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9e9abaf0df077ca0d0f7ed49423f42dfa9fa591ac2aff0eb7ff4e5895fc91aa7_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9e9abaf0df077ca0d0f7ed49423f42dfa9fa591ac2aff0eb7ff4e5895fc91aa7_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:c08e5f2f4d01dd3c75f65cc731e12658a4d1e17d6b3113ce1dc2ae5799852705_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:c08e5f2f4d01dd3c75f65cc731e12658a4d1e17d6b3113ce1dc2ae5799852705_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:c08e5f2f4d01dd3c75f65cc731e12658a4d1e17d6b3113ce1dc2ae5799852705_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:663b633499c8230fb47d4e8c0094403edc8b9c7b74aea5d56fe84bb18a1500c4_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:663b633499c8230fb47d4e8c0094403edc8b9c7b74aea5d56fe84bb18a1500c4_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:663b633499c8230fb47d4e8c0094403edc8b9c7b74aea5d56fe84bb18a1500c4_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6c17ff5115ebe1206681f282c6cf32dfe5f94db8a2ab779512a8e09553a8b92b_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6c17ff5115ebe1206681f282c6cf32dfe5f94db8a2ab779512a8e09553a8b92b_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6c17ff5115ebe1206681f282c6cf32dfe5f94db8a2ab779512a8e09553a8b92b_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:798b8dd5a606592f6a3b5a3446ca88232c6450619db8d0c83af2f1fa827791bc_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:798b8dd5a606592f6a3b5a3446ca88232c6450619db8d0c83af2f1fa827791bc_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:798b8dd5a606592f6a3b5a3446ca88232c6450619db8d0c83af2f1fa827791bc_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b72a08265a5f91bff282d2cbcb7f2deea0f6dc4d929cb52b1d07476e431be150_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b72a08265a5f91bff282d2cbcb7f2deea0f6dc4d929cb52b1d07476e431be150_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b72a08265a5f91bff282d2cbcb7f2deea0f6dc4d929cb52b1d07476e431be150_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1b6d931578d1e5e82e305e62a8328278b8292d63ef70a88b436fae6c171905b5_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1b6d931578d1e5e82e305e62a8328278b8292d63ef70a88b436fae6c171905b5_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1b6d931578d1e5e82e305e62a8328278b8292d63ef70a88b436fae6c171905b5_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:5ebb6a165c63a0f72a6fcc01c247a5597fd87bd87ce7d2b20745240a1da7b7fb_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:5ebb6a165c63a0f72a6fcc01c247a5597fd87bd87ce7d2b20745240a1da7b7fb_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:5ebb6a165c63a0f72a6fcc01c247a5597fd87bd87ce7d2b20745240a1da7b7fb_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8470fd7f948c8195ec63ebf39e9589ceecb6b5cdf8b71f786cb32f602c8a1eef_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8470fd7f948c8195ec63ebf39e9589ceecb6b5cdf8b71f786cb32f602c8a1eef_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8470fd7f948c8195ec63ebf39e9589ceecb6b5cdf8b71f786cb32f602c8a1eef_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:db4be4eefce4730e4435bfd1abe06c8582e19d8e638b30234baaff30800e5443_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:db4be4eefce4730e4435bfd1abe06c8582e19d8e638b30234baaff30800e5443_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:db4be4eefce4730e4435bfd1abe06c8582e19d8e638b30234baaff30800e5443_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0c0992ea41ed0e01478199af484e921d472a1b1e34e09fe4ae7faa6009f0318e_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0c0992ea41ed0e01478199af484e921d472a1b1e34e09fe4ae7faa6009f0318e_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0c0992ea41ed0e01478199af484e921d472a1b1e34e09fe4ae7faa6009f0318e_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:418a951de9a504a26ff31ef7f267cc6af7574a75de21d704cf1693d15c307e58_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:418a951de9a504a26ff31ef7f267cc6af7574a75de21d704cf1693d15c307e58_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:418a951de9a504a26ff31ef7f267cc6af7574a75de21d704cf1693d15c307e58_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9acf24325543bd8570f410a120450b71fe64ff769a6f8e387ff95bd1022856dd_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9acf24325543bd8570f410a120450b71fe64ff769a6f8e387ff95bd1022856dd_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9acf24325543bd8570f410a120450b71fe64ff769a6f8e387ff95bd1022856dd_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a269cd0991720451bde21df2a4c9186acc971b76ea9b07863e5919a8522d606a_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a269cd0991720451bde21df2a4c9186acc971b76ea9b07863e5919a8522d606a_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a269cd0991720451bde21df2a4c9186acc971b76ea9b07863e5919a8522d606a_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:10b596212408e9e8304a39069ed23e4c1c9217c549a3974197847c7855c4e253_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:10b596212408e9e8304a39069ed23e4c1c9217c549a3974197847c7855c4e253_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:10b596212408e9e8304a39069ed23e4c1c9217c549a3974197847c7855c4e253_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:7aa506c702445f4a3b69566ee299d5a943d3b9991a4a23c6961ed4e42690af3b_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:7aa506c702445f4a3b69566ee299d5a943d3b9991a4a23c6961ed4e42690af3b_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:7aa506c702445f4a3b69566ee299d5a943d3b9991a4a23c6961ed4e42690af3b_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:81901a90ba59fe931cf0223d8cad5e5d1d970151d3a59493ca724d59e9e6493b_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:81901a90ba59fe931cf0223d8cad5e5d1d970151d3a59493ca724d59e9e6493b_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:81901a90ba59fe931cf0223d8cad5e5d1d970151d3a59493ca724d59e9e6493b_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:976ad47ea4c9cf62e17b59256fedf7f32ec779ae808262c0e1e1a7779705f083_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:976ad47ea4c9cf62e17b59256fedf7f32ec779ae808262c0e1e1a7779705f083_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:976ad47ea4c9cf62e17b59256fedf7f32ec779ae808262c0e1e1a7779705f083_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:25c12ba6503e762b1310b02c8b2b28f6963b01f4c26dc4553fcadcf046234de0_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:25c12ba6503e762b1310b02c8b2b28f6963b01f4c26dc4553fcadcf046234de0_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:25c12ba6503e762b1310b02c8b2b28f6963b01f4c26dc4553fcadcf046234de0_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8c3b996bfda0c74b39b1f134a7a62c3286e033bc4ecb4d11ff910231986472ac_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8c3b996bfda0c74b39b1f134a7a62c3286e033bc4ecb4d11ff910231986472ac_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8c3b996bfda0c74b39b1f134a7a62c3286e033bc4ecb4d11ff910231986472ac_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c3ba85a02158d1390946b2f1170faeba8cc1e21bcf00def01cd1dceffe459dab_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c3ba85a02158d1390946b2f1170faeba8cc1e21bcf00def01cd1dceffe459dab_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c3ba85a02158d1390946b2f1170faeba8cc1e21bcf00def01cd1dceffe459dab_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d27ce90fd808d98e64b05043e50350437bed84d075db1c3ea3d23475613b78d6_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d27ce90fd808d98e64b05043e50350437bed84d075db1c3ea3d23475613b78d6_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d27ce90fd808d98e64b05043e50350437bed84d075db1c3ea3d23475613b78d6_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:103b45a6d4032d2f2aad80f200093870415741a94e45969af5cb9ac74b9d90fb_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:103b45a6d4032d2f2aad80f200093870415741a94e45969af5cb9ac74b9d90fb_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:103b45a6d4032d2f2aad80f200093870415741a94e45969af5cb9ac74b9d90fb_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4dba7b25b2129a6d448e5dc27a669b2ad963bc5efadff3fac73f583afcc717b1_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4dba7b25b2129a6d448e5dc27a669b2ad963bc5efadff3fac73f583afcc717b1_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4dba7b25b2129a6d448e5dc27a669b2ad963bc5efadff3fac73f583afcc717b1_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4ef9767e1c7d6f790adc8440ea76510c7654bffa490399445c98eeaf140a758f_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4ef9767e1c7d6f790adc8440ea76510c7654bffa490399445c98eeaf140a758f_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4ef9767e1c7d6f790adc8440ea76510c7654bffa490399445c98eeaf140a758f_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:fc61f8f1c43661c4861c451a14ea801af7fee7789cc42a454221bfbc06b12528_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:fc61f8f1c43661c4861c451a14ea801af7fee7789cc42a454221bfbc06b12528_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:fc61f8f1c43661c4861c451a14ea801af7fee7789cc42a454221bfbc06b12528_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:416bcfa0abc17b80b446461a1a7279531f8d2e0961112eed3746c2defcefc862_arm64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:416bcfa0abc17b80b446461a1a7279531f8d2e0961112eed3746c2defcefc862_arm64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:416bcfa0abc17b80b446461a1a7279531f8d2e0961112eed3746c2defcefc862_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9f5d9350bb2cc0e84928860b021f769df3047f3eb9c8dc870af7ecf6af991496_s390x as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9f5d9350bb2cc0e84928860b021f769df3047f3eb9c8dc870af7ecf6af991496_s390x"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9f5d9350bb2cc0e84928860b021f769df3047f3eb9c8dc870af7ecf6af991496_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c502c6976b2a3bb72a08bc5a15e534dbb02dd792f05b2081d74cf4dca85cf37e_amd64 as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c502c6976b2a3bb72a08bc5a15e534dbb02dd792f05b2081d74cf4dca85cf37e_amd64"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c502c6976b2a3bb72a08bc5a15e534dbb02dd792f05b2081d74cf4dca85cf37e_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e3ebd256fdda682e6f9145d88bf425b47dcef5c9aff49667fc80aa4468603319_ppc64le as a component of Red Hat Advanced Cluster Security for Kubernetes 4.8",
"product_id": "Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e3ebd256fdda682e6f9145d88bf425b47dcef5c9aff49667fc80aa4468603319_ppc64le"
},
"product_reference": "registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e3ebd256fdda682e6f9145d88bf425b47dcef5c9aff49667fc80aa4468603319_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Security for Kubernetes 4.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:01afee5bfa92b8c5220b33f1610b8ae6c7611a802e43904c42014c9eda0c5586_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:33f3717c6f55ae602bf05c7f369082fc26f5948965659b945cc4b58d21346f6a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:45a6429f750545190f0ccf20398402b45e9f1b6c58da928a3646c6b8bf953b61_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:978b887e3c156ccac9c88c6e7faf6dc3c8f4add830e136305728bb8ad9412183_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:167aba25291e12b7b35098c72f48d81243c0388e12435b600516b8301f9414d9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5357318c90aeb742442e2db7cbc2877a784b5d70b587b69dfad1eb327f553900_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:7ad736268d5717923de2308f8ee8b6a492d54ace29dea6654b15b19b5e72cc10_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:bd8e764d37d7f0ff5e637bbf7d56572eb1f560d82767593774cd10b84d1ddd93_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:311585facdfee155f466002f3ab4a804555f18cb34ce4eaa291f49ff8b117bb4_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:899e6c4761d0c70e04629f73e9e5b7ee03b1f8cb05580ffc32116e522b278039_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:b083c3f0682749eb4d9218e27440c48ddb3553d0b0c5e596aa00f4623d3a1230_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:ca54cda9c9dc5057bf358d8726da096536693699d7afe35894771ded1e8344fc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:24481e3ee1dab49893e7f5891e97e3287ec6f35105b6e927ce0acc7da24a6982_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:7f628638e169ff2c041d52a6d99387ca6e7d0829861c963a5a31c5e60c90af4f_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:8db769981b2fecc5f079f4ab106d62b9cbf92f112f75119bd7508acaec8952e7_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9e9abaf0df077ca0d0f7ed49423f42dfa9fa591ac2aff0eb7ff4e5895fc91aa7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:c08e5f2f4d01dd3c75f65cc731e12658a4d1e17d6b3113ce1dc2ae5799852705_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:663b633499c8230fb47d4e8c0094403edc8b9c7b74aea5d56fe84bb18a1500c4_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6c17ff5115ebe1206681f282c6cf32dfe5f94db8a2ab779512a8e09553a8b92b_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:798b8dd5a606592f6a3b5a3446ca88232c6450619db8d0c83af2f1fa827791bc_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b72a08265a5f91bff282d2cbcb7f2deea0f6dc4d929cb52b1d07476e431be150_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1b6d931578d1e5e82e305e62a8328278b8292d63ef70a88b436fae6c171905b5_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:5ebb6a165c63a0f72a6fcc01c247a5597fd87bd87ce7d2b20745240a1da7b7fb_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8470fd7f948c8195ec63ebf39e9589ceecb6b5cdf8b71f786cb32f602c8a1eef_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:db4be4eefce4730e4435bfd1abe06c8582e19d8e638b30234baaff30800e5443_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:10b596212408e9e8304a39069ed23e4c1c9217c549a3974197847c7855c4e253_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:7aa506c702445f4a3b69566ee299d5a943d3b9991a4a23c6961ed4e42690af3b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:81901a90ba59fe931cf0223d8cad5e5d1d970151d3a59493ca724d59e9e6493b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:976ad47ea4c9cf62e17b59256fedf7f32ec779ae808262c0e1e1a7779705f083_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:25c12ba6503e762b1310b02c8b2b28f6963b01f4c26dc4553fcadcf046234de0_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8c3b996bfda0c74b39b1f134a7a62c3286e033bc4ecb4d11ff910231986472ac_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c3ba85a02158d1390946b2f1170faeba8cc1e21bcf00def01cd1dceffe459dab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d27ce90fd808d98e64b05043e50350437bed84d075db1c3ea3d23475613b78d6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:103b45a6d4032d2f2aad80f200093870415741a94e45969af5cb9ac74b9d90fb_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4dba7b25b2129a6d448e5dc27a669b2ad963bc5efadff3fac73f583afcc717b1_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4ef9767e1c7d6f790adc8440ea76510c7654bffa490399445c98eeaf140a758f_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:fc61f8f1c43661c4861c451a14ea801af7fee7789cc42a454221bfbc06b12528_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:416bcfa0abc17b80b446461a1a7279531f8d2e0961112eed3746c2defcefc862_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9f5d9350bb2cc0e84928860b021f769df3047f3eb9c8dc870af7ecf6af991496_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c502c6976b2a3bb72a08bc5a15e534dbb02dd792f05b2081d74cf4dca85cf37e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e3ebd256fdda682e6f9145d88bf425b47dcef5c9aff49667fc80aa4468603319_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0c0992ea41ed0e01478199af484e921d472a1b1e34e09fe4ae7faa6009f0318e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:418a951de9a504a26ff31ef7f267cc6af7574a75de21d704cf1693d15c307e58_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9acf24325543bd8570f410a120450b71fe64ff769a6f8e387ff95bd1022856dd_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a269cd0991720451bde21df2a4c9186acc971b76ea9b07863e5919a8522d606a_arm64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:01afee5bfa92b8c5220b33f1610b8ae6c7611a802e43904c42014c9eda0c5586_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:33f3717c6f55ae602bf05c7f369082fc26f5948965659b945cc4b58d21346f6a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:45a6429f750545190f0ccf20398402b45e9f1b6c58da928a3646c6b8bf953b61_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:978b887e3c156ccac9c88c6e7faf6dc3c8f4add830e136305728bb8ad9412183_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:167aba25291e12b7b35098c72f48d81243c0388e12435b600516b8301f9414d9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5357318c90aeb742442e2db7cbc2877a784b5d70b587b69dfad1eb327f553900_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:7ad736268d5717923de2308f8ee8b6a492d54ace29dea6654b15b19b5e72cc10_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:bd8e764d37d7f0ff5e637bbf7d56572eb1f560d82767593774cd10b84d1ddd93_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:311585facdfee155f466002f3ab4a804555f18cb34ce4eaa291f49ff8b117bb4_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:899e6c4761d0c70e04629f73e9e5b7ee03b1f8cb05580ffc32116e522b278039_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:b083c3f0682749eb4d9218e27440c48ddb3553d0b0c5e596aa00f4623d3a1230_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:ca54cda9c9dc5057bf358d8726da096536693699d7afe35894771ded1e8344fc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:24481e3ee1dab49893e7f5891e97e3287ec6f35105b6e927ce0acc7da24a6982_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:7f628638e169ff2c041d52a6d99387ca6e7d0829861c963a5a31c5e60c90af4f_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:8db769981b2fecc5f079f4ab106d62b9cbf92f112f75119bd7508acaec8952e7_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9e9abaf0df077ca0d0f7ed49423f42dfa9fa591ac2aff0eb7ff4e5895fc91aa7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:c08e5f2f4d01dd3c75f65cc731e12658a4d1e17d6b3113ce1dc2ae5799852705_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:663b633499c8230fb47d4e8c0094403edc8b9c7b74aea5d56fe84bb18a1500c4_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6c17ff5115ebe1206681f282c6cf32dfe5f94db8a2ab779512a8e09553a8b92b_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:798b8dd5a606592f6a3b5a3446ca88232c6450619db8d0c83af2f1fa827791bc_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b72a08265a5f91bff282d2cbcb7f2deea0f6dc4d929cb52b1d07476e431be150_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1b6d931578d1e5e82e305e62a8328278b8292d63ef70a88b436fae6c171905b5_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:5ebb6a165c63a0f72a6fcc01c247a5597fd87bd87ce7d2b20745240a1da7b7fb_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8470fd7f948c8195ec63ebf39e9589ceecb6b5cdf8b71f786cb32f602c8a1eef_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:db4be4eefce4730e4435bfd1abe06c8582e19d8e638b30234baaff30800e5443_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:10b596212408e9e8304a39069ed23e4c1c9217c549a3974197847c7855c4e253_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:7aa506c702445f4a3b69566ee299d5a943d3b9991a4a23c6961ed4e42690af3b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:81901a90ba59fe931cf0223d8cad5e5d1d970151d3a59493ca724d59e9e6493b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:976ad47ea4c9cf62e17b59256fedf7f32ec779ae808262c0e1e1a7779705f083_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:25c12ba6503e762b1310b02c8b2b28f6963b01f4c26dc4553fcadcf046234de0_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8c3b996bfda0c74b39b1f134a7a62c3286e033bc4ecb4d11ff910231986472ac_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c3ba85a02158d1390946b2f1170faeba8cc1e21bcf00def01cd1dceffe459dab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d27ce90fd808d98e64b05043e50350437bed84d075db1c3ea3d23475613b78d6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:103b45a6d4032d2f2aad80f200093870415741a94e45969af5cb9ac74b9d90fb_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4dba7b25b2129a6d448e5dc27a669b2ad963bc5efadff3fac73f583afcc717b1_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4ef9767e1c7d6f790adc8440ea76510c7654bffa490399445c98eeaf140a758f_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:fc61f8f1c43661c4861c451a14ea801af7fee7789cc42a454221bfbc06b12528_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:416bcfa0abc17b80b446461a1a7279531f8d2e0961112eed3746c2defcefc862_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9f5d9350bb2cc0e84928860b021f769df3047f3eb9c8dc870af7ecf6af991496_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c502c6976b2a3bb72a08bc5a15e534dbb02dd792f05b2081d74cf4dca85cf37e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e3ebd256fdda682e6f9145d88bf425b47dcef5c9aff49667fc80aa4468603319_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T20:50:30+00:00",
"details": "If you are using an earlier version of RHACS, you are advised to\nupgrade to the version of RHACS mentioned in the synopsis and release\nnotes in order to take advantage of the enhancements, bug fixes, and/or\nsecurity patches in the release.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0c0992ea41ed0e01478199af484e921d472a1b1e34e09fe4ae7faa6009f0318e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:418a951de9a504a26ff31ef7f267cc6af7574a75de21d704cf1693d15c307e58_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9acf24325543bd8570f410a120450b71fe64ff769a6f8e387ff95bd1022856dd_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a269cd0991720451bde21df2a4c9186acc971b76ea9b07863e5919a8522d606a_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23550"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:01afee5bfa92b8c5220b33f1610b8ae6c7611a802e43904c42014c9eda0c5586_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:33f3717c6f55ae602bf05c7f369082fc26f5948965659b945cc4b58d21346f6a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:45a6429f750545190f0ccf20398402b45e9f1b6c58da928a3646c6b8bf953b61_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:978b887e3c156ccac9c88c6e7faf6dc3c8f4add830e136305728bb8ad9412183_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:167aba25291e12b7b35098c72f48d81243c0388e12435b600516b8301f9414d9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5357318c90aeb742442e2db7cbc2877a784b5d70b587b69dfad1eb327f553900_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:7ad736268d5717923de2308f8ee8b6a492d54ace29dea6654b15b19b5e72cc10_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:bd8e764d37d7f0ff5e637bbf7d56572eb1f560d82767593774cd10b84d1ddd93_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:311585facdfee155f466002f3ab4a804555f18cb34ce4eaa291f49ff8b117bb4_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:899e6c4761d0c70e04629f73e9e5b7ee03b1f8cb05580ffc32116e522b278039_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:b083c3f0682749eb4d9218e27440c48ddb3553d0b0c5e596aa00f4623d3a1230_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:ca54cda9c9dc5057bf358d8726da096536693699d7afe35894771ded1e8344fc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:24481e3ee1dab49893e7f5891e97e3287ec6f35105b6e927ce0acc7da24a6982_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:7f628638e169ff2c041d52a6d99387ca6e7d0829861c963a5a31c5e60c90af4f_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:8db769981b2fecc5f079f4ab106d62b9cbf92f112f75119bd7508acaec8952e7_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9e9abaf0df077ca0d0f7ed49423f42dfa9fa591ac2aff0eb7ff4e5895fc91aa7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:c08e5f2f4d01dd3c75f65cc731e12658a4d1e17d6b3113ce1dc2ae5799852705_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:663b633499c8230fb47d4e8c0094403edc8b9c7b74aea5d56fe84bb18a1500c4_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6c17ff5115ebe1206681f282c6cf32dfe5f94db8a2ab779512a8e09553a8b92b_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:798b8dd5a606592f6a3b5a3446ca88232c6450619db8d0c83af2f1fa827791bc_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b72a08265a5f91bff282d2cbcb7f2deea0f6dc4d929cb52b1d07476e431be150_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1b6d931578d1e5e82e305e62a8328278b8292d63ef70a88b436fae6c171905b5_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:5ebb6a165c63a0f72a6fcc01c247a5597fd87bd87ce7d2b20745240a1da7b7fb_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8470fd7f948c8195ec63ebf39e9589ceecb6b5cdf8b71f786cb32f602c8a1eef_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:db4be4eefce4730e4435bfd1abe06c8582e19d8e638b30234baaff30800e5443_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0c0992ea41ed0e01478199af484e921d472a1b1e34e09fe4ae7faa6009f0318e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:418a951de9a504a26ff31ef7f267cc6af7574a75de21d704cf1693d15c307e58_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9acf24325543bd8570f410a120450b71fe64ff769a6f8e387ff95bd1022856dd_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a269cd0991720451bde21df2a4c9186acc971b76ea9b07863e5919a8522d606a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:10b596212408e9e8304a39069ed23e4c1c9217c549a3974197847c7855c4e253_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:7aa506c702445f4a3b69566ee299d5a943d3b9991a4a23c6961ed4e42690af3b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:81901a90ba59fe931cf0223d8cad5e5d1d970151d3a59493ca724d59e9e6493b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:976ad47ea4c9cf62e17b59256fedf7f32ec779ae808262c0e1e1a7779705f083_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:25c12ba6503e762b1310b02c8b2b28f6963b01f4c26dc4553fcadcf046234de0_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8c3b996bfda0c74b39b1f134a7a62c3286e033bc4ecb4d11ff910231986472ac_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c3ba85a02158d1390946b2f1170faeba8cc1e21bcf00def01cd1dceffe459dab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d27ce90fd808d98e64b05043e50350437bed84d075db1c3ea3d23475613b78d6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:103b45a6d4032d2f2aad80f200093870415741a94e45969af5cb9ac74b9d90fb_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4dba7b25b2129a6d448e5dc27a669b2ad963bc5efadff3fac73f583afcc717b1_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4ef9767e1c7d6f790adc8440ea76510c7654bffa490399445c98eeaf140a758f_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:fc61f8f1c43661c4861c451a14ea801af7fee7789cc42a454221bfbc06b12528_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:416bcfa0abc17b80b446461a1a7279531f8d2e0961112eed3746c2defcefc862_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9f5d9350bb2cc0e84928860b021f769df3047f3eb9c8dc870af7ecf6af991496_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c502c6976b2a3bb72a08bc5a15e534dbb02dd792f05b2081d74cf4dca85cf37e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e3ebd256fdda682e6f9145d88bf425b47dcef5c9aff49667fc80aa4468603319_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:01afee5bfa92b8c5220b33f1610b8ae6c7611a802e43904c42014c9eda0c5586_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:33f3717c6f55ae602bf05c7f369082fc26f5948965659b945cc4b58d21346f6a_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:45a6429f750545190f0ccf20398402b45e9f1b6c58da928a3646c6b8bf953b61_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-central-db-rhel8@sha256:978b887e3c156ccac9c88c6e7faf6dc3c8f4add830e136305728bb8ad9412183_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:167aba25291e12b7b35098c72f48d81243c0388e12435b600516b8301f9414d9_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:5357318c90aeb742442e2db7cbc2877a784b5d70b587b69dfad1eb327f553900_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:7ad736268d5717923de2308f8ee8b6a492d54ace29dea6654b15b19b5e72cc10_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-collector-rhel8@sha256:bd8e764d37d7f0ff5e637bbf7d56572eb1f560d82767593774cd10b84d1ddd93_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:311585facdfee155f466002f3ab4a804555f18cb34ce4eaa291f49ff8b117bb4_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:899e6c4761d0c70e04629f73e9e5b7ee03b1f8cb05580ffc32116e522b278039_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:b083c3f0682749eb4d9218e27440c48ddb3553d0b0c5e596aa00f4623d3a1230_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-main-rhel8@sha256:ca54cda9c9dc5057bf358d8726da096536693699d7afe35894771ded1e8344fc_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-operator-bundle@sha256:24481e3ee1dab49893e7f5891e97e3287ec6f35105b6e927ce0acc7da24a6982_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:7f628638e169ff2c041d52a6d99387ca6e7d0829861c963a5a31c5e60c90af4f_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:8db769981b2fecc5f079f4ab106d62b9cbf92f112f75119bd7508acaec8952e7_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:9e9abaf0df077ca0d0f7ed49423f42dfa9fa591ac2aff0eb7ff4e5895fc91aa7_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:c08e5f2f4d01dd3c75f65cc731e12658a4d1e17d6b3113ce1dc2ae5799852705_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:663b633499c8230fb47d4e8c0094403edc8b9c7b74aea5d56fe84bb18a1500c4_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:6c17ff5115ebe1206681f282c6cf32dfe5f94db8a2ab779512a8e09553a8b92b_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:798b8dd5a606592f6a3b5a3446ca88232c6450619db8d0c83af2f1fa827791bc_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-roxctl-rhel8@sha256:b72a08265a5f91bff282d2cbcb7f2deea0f6dc4d929cb52b1d07476e431be150_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:1b6d931578d1e5e82e305e62a8328278b8292d63ef70a88b436fae6c171905b5_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:5ebb6a165c63a0f72a6fcc01c247a5597fd87bd87ce7d2b20745240a1da7b7fb_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8470fd7f948c8195ec63ebf39e9589ceecb6b5cdf8b71f786cb32f602c8a1eef_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:db4be4eefce4730e4435bfd1abe06c8582e19d8e638b30234baaff30800e5443_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:0c0992ea41ed0e01478199af484e921d472a1b1e34e09fe4ae7faa6009f0318e_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:418a951de9a504a26ff31ef7f267cc6af7574a75de21d704cf1693d15c307e58_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:9acf24325543bd8570f410a120450b71fe64ff769a6f8e387ff95bd1022856dd_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a269cd0991720451bde21df2a4c9186acc971b76ea9b07863e5919a8522d606a_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:10b596212408e9e8304a39069ed23e4c1c9217c549a3974197847c7855c4e253_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:7aa506c702445f4a3b69566ee299d5a943d3b9991a4a23c6961ed4e42690af3b_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:81901a90ba59fe931cf0223d8cad5e5d1d970151d3a59493ca724d59e9e6493b_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-rhel8@sha256:976ad47ea4c9cf62e17b59256fedf7f32ec779ae808262c0e1e1a7779705f083_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:25c12ba6503e762b1310b02c8b2b28f6963b01f4c26dc4553fcadcf046234de0_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:8c3b996bfda0c74b39b1f134a7a62c3286e033bc4ecb4d11ff910231986472ac_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:c3ba85a02158d1390946b2f1170faeba8cc1e21bcf00def01cd1dceffe459dab_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:d27ce90fd808d98e64b05043e50350437bed84d075db1c3ea3d23475613b78d6_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:103b45a6d4032d2f2aad80f200093870415741a94e45969af5cb9ac74b9d90fb_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4dba7b25b2129a6d448e5dc27a669b2ad963bc5efadff3fac73f583afcc717b1_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:4ef9767e1c7d6f790adc8440ea76510c7654bffa490399445c98eeaf140a758f_ppc64le",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-db-rhel8@sha256:fc61f8f1c43661c4861c451a14ea801af7fee7789cc42a454221bfbc06b12528_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:416bcfa0abc17b80b446461a1a7279531f8d2e0961112eed3746c2defcefc862_arm64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:9f5d9350bb2cc0e84928860b021f769df3047f3eb9c8dc870af7ecf6af991496_s390x",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:c502c6976b2a3bb72a08bc5a15e534dbb02dd792f05b2081d74cf4dca85cf37e_amd64",
"Red Hat Advanced Cluster Security for Kubernetes 4.8:registry.redhat.io/advanced-cluster-security/rhacs-scanner-v4-rhel8@sha256:e3ebd256fdda682e6f9145d88bf425b47dcef5c9aff49667fc80aa4468603319_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
}
]
}
RHSA-2026:0001
Vulnerability from csaf_redhat - Published: 2026-01-05 00:51 - Updated: 2026-06-03 17:13Summary
Red Hat Security Advisory: spice-client-win security update
Severity
Important
Notes
Topic: An update for spice-client-win is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Spice client MSI installers for Windows clients
Security Fix(es):
* sqlite: Integer Truncation in SQLite (CVE-2025-6965)
* libtiff: LibTIFF Use-After-Free Vulnerability (CVE-2025-8176)
* libtiff: Libtiff Write-What-Where (CVE-2025-9900)
* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
7.7 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-3.el8_8.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_8.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_8.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-3.el8_8.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_8.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_8.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.
7.8 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-3.el8_8.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_8.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_8.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-3.el8_8.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_8.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_8.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
8.8 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-3.el8_8.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_8.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_8.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-3.el8_8.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_8.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_8.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-3.el8_8.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_8.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_8.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-3.el8_8.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_8.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_8.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
38 references
Acknowledgments
AnchorSec Ltd.
Gareth C
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for spice-client-win is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Spice client MSI installers for Windows clients\n\nSecurity Fix(es):\n\n* sqlite: Integer Truncation in SQLite (CVE-2025-6965)\n\n* libtiff: LibTIFF Use-After-Free Vulnerability (CVE-2025-8176)\n\n* libtiff: Libtiff Write-What-Where (CVE-2025-9900)\n\n* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0001",
"url": "https://access.redhat.com/errata/RHSA-2026:0001"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "2383598",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383598"
},
{
"category": "external",
"summary": "2392784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392784"
},
{
"category": "external",
"summary": "2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0001.json"
}
],
"title": "Red Hat Security Advisory: spice-client-win security update",
"tracking": {
"current_release_date": "2026-06-03T17:13:13+00:00",
"generator": {
"date": "2026-06-03T17:13:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:0001",
"initial_release_date": "2026-01-05T00:51:17+00:00",
"revision_history": [
{
"date": "2026-01-05T00:51:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-05T00:51:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-03T17:13:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "spice-client-win-0:8.10-3.el8_8.1.src",
"product": {
"name": "spice-client-win-0:8.10-3.el8_8.1.src",
"product_id": "spice-client-win-0:8.10-3.el8_8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win@8.10-3.el8_8.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"product": {
"name": "spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"product_id": "spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win-x64@8.10-3.el8_8.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spice-client-win-x86-0:8.10-3.el8_8.1.noarch",
"product": {
"name": "spice-client-win-x86-0:8.10-3.el8_8.1.noarch",
"product_id": "spice-client-win-x86-0:8.10-3.el8_8.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win-x86@8.10-3.el8_8.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-0:8.10-3.el8_8.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-3.el8_8.1.src"
},
"product_reference": "spice-client-win-0:8.10-3.el8_8.1.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x64-0:8.10-3.el8_8.1.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_8.1.noarch"
},
"product_reference": "spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x86-0:8.10-3.el8_8.1.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_8.1.noarch"
},
"product_reference": "spice-client-win-x86-0:8.10-3.el8_8.1.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-0:8.10-3.el8_8.1.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-3.el8_8.1.src"
},
"product_reference": "spice-client-win-0:8.10-3.el8_8.1.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x64-0:8.10-3.el8_8.1.noarch as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_8.1.noarch"
},
"product_reference": "spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x86-0:8.10-3.el8_8.1.noarch as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_8.1.noarch"
},
"product_reference": "spice-client-win-x86-0:8.10-3.el8_8.1.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_8.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-05T00:51:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_8.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0001"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"cve": "CVE-2025-8176",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-07-26T04:00:56.216434+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2383598"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtiff: LibTIFF Use-After-Free Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated Important because it involves a use-after-free flaw in the get_histogram function of LibTIFF\u2019s tiffmedian tool. Successful exploitation may allow a local attacker to execute arbitrary code or cause a denial of service, leading to loss of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_8.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8176"
},
{
"category": "external",
"summary": "RHBZ#2383598",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383598"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8176"
},
{
"category": "external",
"summary": "http://www.libtiff.org/",
"url": "http://www.libtiff.org/"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172",
"url": "https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/issues/707",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/707"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/merge_requests/727",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/727"
},
{
"category": "external",
"summary": "https://vuldb.com/?ctiid.317590",
"url": "https://vuldb.com/?ctiid.317590"
},
{
"category": "external",
"summary": "https://vuldb.com/?id.317590",
"url": "https://vuldb.com/?id.317590"
},
{
"category": "external",
"summary": "https://vuldb.com/?submit.621796",
"url": "https://vuldb.com/?submit.621796"
}
],
"release_date": "2025-07-26T03:32:08.851000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-05T00:51:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_8.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0001"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libtiff: LibTIFF Use-After-Free Vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Gareth C"
],
"organization": "AnchorSec Ltd."
}
],
"cve": "CVE-2025-9900",
"cwe": {
"id": "CWE-123",
"name": "Write-what-where Condition"
},
"discovery_date": "2025-09-03T02:48:12.111000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392784"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file\u0027s metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtiff: Libtiff Write-What-Where",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This attack requires user interaction to run the malicious TIFF image file, hence the CVE is maintained as important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_8.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9900"
},
{
"category": "external",
"summary": "RHBZ#2392784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392784"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9900"
},
{
"category": "external",
"summary": "https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file",
"url": "https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/issues/704",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/704"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/merge_requests/732",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/732"
},
{
"category": "external",
"summary": "https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html",
"url": "https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html"
}
],
"release_date": "2025-09-22T14:29:35.767000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-05T00:51:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_8.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0001"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libtiff: Libtiff Write-What-Where"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_8.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-05T00:51:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_8.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0001"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-3.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
}
]
}
RHSA-2026:0076
Vulnerability from csaf_redhat - Published: 2026-01-05 18:01 - Updated: 2026-06-03 17:13Summary
Red Hat Security Advisory: spice-client-win security update
Severity
Important
Notes
Topic: An update for spice-client-win is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Spice client MSI installers for Windows clients
Security Fix(es):
* sqlite: Integer Truncation in SQLite (CVE-2025-6965)
* libtiff: LibTIFF Use-After-Free Vulnerability (CVE-2025-8176)
* libtiff: Libtiff Write-What-Where (CVE-2025-9900)
* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
7.7 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-3.el8_6.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-3.el8_6.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-3.el8_6.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.
7.8 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-3.el8_6.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-3.el8_6.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-3.el8_6.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
8.8 (High)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-3.el8_6.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-3.el8_6.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-3.el8_6.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-3.el8_6.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-3.el8_6.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-3.el8_6.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
38 references
Acknowledgments
AnchorSec Ltd.
Gareth C
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for spice-client-win is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Spice client MSI installers for Windows clients\n\nSecurity Fix(es):\n\n* sqlite: Integer Truncation in SQLite (CVE-2025-6965)\n\n* libtiff: LibTIFF Use-After-Free Vulnerability (CVE-2025-8176)\n\n* libtiff: Libtiff Write-What-Where (CVE-2025-9900)\n\n* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0076",
"url": "https://access.redhat.com/errata/RHSA-2026:0076"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "2383598",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383598"
},
{
"category": "external",
"summary": "2392784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392784"
},
{
"category": "external",
"summary": "2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0076.json"
}
],
"title": "Red Hat Security Advisory: spice-client-win security update",
"tracking": {
"current_release_date": "2026-06-03T17:13:13+00:00",
"generator": {
"date": "2026-06-03T17:13:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:0076",
"initial_release_date": "2026-01-05T18:01:00+00:00",
"revision_history": [
{
"date": "2026-01-05T18:01:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-05T18:01:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-03T17:13:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "spice-client-win-0:8.10-3.el8_6.1.src",
"product": {
"name": "spice-client-win-0:8.10-3.el8_6.1.src",
"product_id": "spice-client-win-0:8.10-3.el8_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win@8.10-3.el8_6.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"product": {
"name": "spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"product_id": "spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win-x64@8.10-3.el8_6.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"product": {
"name": "spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"product_id": "spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win-x86@8.10-3.el8_6.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-0:8.10-3.el8_6.1.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-3.el8_6.1.src"
},
"product_reference": "spice-client-win-0:8.10-3.el8_6.1.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x64-0:8.10-3.el8_6.1.noarch as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch"
},
"product_reference": "spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x86-0:8.10-3.el8_6.1.noarch as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch"
},
"product_reference": "spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-0:8.10-3.el8_6.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-3.el8_6.1.src"
},
"product_reference": "spice-client-win-0:8.10-3.el8_6.1.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x64-0:8.10-3.el8_6.1.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_6.1.noarch"
},
"product_reference": "spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x86-0:8.10-3.el8_6.1.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_6.1.noarch"
},
"product_reference": "spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-0:8.10-3.el8_6.1.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-3.el8_6.1.src"
},
"product_reference": "spice-client-win-0:8.10-3.el8_6.1.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x64-0:8.10-3.el8_6.1.noarch as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch"
},
"product_reference": "spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x86-0:8.10-3.el8_6.1.noarch as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch"
},
"product_reference": "spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-05T18:01:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0076"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"cve": "CVE-2025-8176",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-07-26T04:00:56.216434+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2383598"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtiff: LibTIFF Use-After-Free Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated Important because it involves a use-after-free flaw in the get_histogram function of LibTIFF\u2019s tiffmedian tool. Successful exploitation may allow a local attacker to execute arbitrary code or cause a denial of service, leading to loss of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8176"
},
{
"category": "external",
"summary": "RHBZ#2383598",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383598"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8176"
},
{
"category": "external",
"summary": "http://www.libtiff.org/",
"url": "http://www.libtiff.org/"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172",
"url": "https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/issues/707",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/707"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/merge_requests/727",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/727"
},
{
"category": "external",
"summary": "https://vuldb.com/?ctiid.317590",
"url": "https://vuldb.com/?ctiid.317590"
},
{
"category": "external",
"summary": "https://vuldb.com/?id.317590",
"url": "https://vuldb.com/?id.317590"
},
{
"category": "external",
"summary": "https://vuldb.com/?submit.621796",
"url": "https://vuldb.com/?submit.621796"
}
],
"release_date": "2025-07-26T03:32:08.851000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-05T18:01:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0076"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libtiff: LibTIFF Use-After-Free Vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Gareth C"
],
"organization": "AnchorSec Ltd."
}
],
"cve": "CVE-2025-9900",
"cwe": {
"id": "CWE-123",
"name": "Write-what-where Condition"
},
"discovery_date": "2025-09-03T02:48:12.111000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392784"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file\u0027s metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtiff: Libtiff Write-What-Where",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This attack requires user interaction to run the malicious TIFF image file, hence the CVE is maintained as important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9900"
},
{
"category": "external",
"summary": "RHBZ#2392784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392784"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9900"
},
{
"category": "external",
"summary": "https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file",
"url": "https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/issues/704",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/704"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/merge_requests/732",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/732"
},
{
"category": "external",
"summary": "https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html",
"url": "https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html"
}
],
"release_date": "2025-09-22T14:29:35.767000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-05T18:01:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0076"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libtiff: Libtiff Write-What-Where"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-05T18:01:00+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0076"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-3.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-3.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-3.el8_6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
}
]
}
RHSA-2026:0077
Vulnerability from csaf_redhat - Published: 2026-01-05 18:07 - Updated: 2026-06-03 17:13Summary
Red Hat Security Advisory: spice-client-win security update
Severity
Important
Notes
Topic: An update for spice-client-win is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Spice client MSI installers for Windows clients
Security Fix(es):
* sqlite: Integer Truncation in SQLite (CVE-2025-6965)
* libtiff: LibTIFF Use-After-Free Vulnerability (CVE-2025-8176)
* libtiff: Libtiff Write-What-Where (CVE-2025-9900)
* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
7.7 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-3.el8_4.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_4.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_4.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-3.el8_4.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-3.el8_4.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-3.el8_4.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.
7.8 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-3.el8_4.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_4.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_4.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-3.el8_4.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-3.el8_4.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-3.el8_4.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
8.8 (High)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-3.el8_4.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_4.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_4.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-3.el8_4.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-3.el8_4.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-3.el8_4.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-3.el8_4.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_4.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_4.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-3.el8_4.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-3.el8_4.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-3.el8_4.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
38 references
Acknowledgments
AnchorSec Ltd.
Gareth C
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for spice-client-win is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Spice client MSI installers for Windows clients\n\nSecurity Fix(es):\n\n* sqlite: Integer Truncation in SQLite (CVE-2025-6965)\n\n* libtiff: LibTIFF Use-After-Free Vulnerability (CVE-2025-8176)\n\n* libtiff: Libtiff Write-What-Where (CVE-2025-9900)\n\n* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0077",
"url": "https://access.redhat.com/errata/RHSA-2026:0077"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "2383598",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383598"
},
{
"category": "external",
"summary": "2392784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392784"
},
{
"category": "external",
"summary": "2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0077.json"
}
],
"title": "Red Hat Security Advisory: spice-client-win security update",
"tracking": {
"current_release_date": "2026-06-03T17:13:14+00:00",
"generator": {
"date": "2026-06-03T17:13:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:0077",
"initial_release_date": "2026-01-05T18:07:35+00:00",
"revision_history": [
{
"date": "2026-01-05T18:07:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-05T18:07:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-03T17:13:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "spice-client-win-0:8.10-3.el8_4.1.src",
"product": {
"name": "spice-client-win-0:8.10-3.el8_4.1.src",
"product_id": "spice-client-win-0:8.10-3.el8_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win@8.10-3.el8_4.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"product": {
"name": "spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"product_id": "spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win-x64@8.10-3.el8_4.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spice-client-win-x86-0:8.10-3.el8_4.1.noarch",
"product": {
"name": "spice-client-win-x86-0:8.10-3.el8_4.1.noarch",
"product_id": "spice-client-win-x86-0:8.10-3.el8_4.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win-x86@8.10-3.el8_4.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-0:8.10-3.el8_4.1.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-3.el8_4.1.src"
},
"product_reference": "spice-client-win-0:8.10-3.el8_4.1.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x64-0:8.10-3.el8_4.1.noarch as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_4.1.noarch"
},
"product_reference": "spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x86-0:8.10-3.el8_4.1.noarch as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_4.1.noarch"
},
"product_reference": "spice-client-win-x86-0:8.10-3.el8_4.1.noarch",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-0:8.10-3.el8_4.1.src as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-3.el8_4.1.src"
},
"product_reference": "spice-client-win-0:8.10-3.el8_4.1.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x64-0:8.10-3.el8_4.1.noarch as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-3.el8_4.1.noarch"
},
"product_reference": "spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x86-0:8.10-3.el8_4.1.noarch as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-3.el8_4.1.noarch"
},
"product_reference": "spice-client-win-x86-0:8.10-3.el8_4.1.noarch",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-3.el8_4.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-05T18:07:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-3.el8_4.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0077"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-3.el8_4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-3.el8_4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"cve": "CVE-2025-8176",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-07-26T04:00:56.216434+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2383598"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtiff: LibTIFF Use-After-Free Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated Important because it involves a use-after-free flaw in the get_histogram function of LibTIFF\u2019s tiffmedian tool. Successful exploitation may allow a local attacker to execute arbitrary code or cause a denial of service, leading to loss of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-3.el8_4.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8176"
},
{
"category": "external",
"summary": "RHBZ#2383598",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383598"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8176"
},
{
"category": "external",
"summary": "http://www.libtiff.org/",
"url": "http://www.libtiff.org/"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172",
"url": "https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/issues/707",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/707"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/merge_requests/727",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/727"
},
{
"category": "external",
"summary": "https://vuldb.com/?ctiid.317590",
"url": "https://vuldb.com/?ctiid.317590"
},
{
"category": "external",
"summary": "https://vuldb.com/?id.317590",
"url": "https://vuldb.com/?id.317590"
},
{
"category": "external",
"summary": "https://vuldb.com/?submit.621796",
"url": "https://vuldb.com/?submit.621796"
}
],
"release_date": "2025-07-26T03:32:08.851000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-05T18:07:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-3.el8_4.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0077"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-3.el8_4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-3.el8_4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libtiff: LibTIFF Use-After-Free Vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Gareth C"
],
"organization": "AnchorSec Ltd."
}
],
"cve": "CVE-2025-9900",
"cwe": {
"id": "CWE-123",
"name": "Write-what-where Condition"
},
"discovery_date": "2025-09-03T02:48:12.111000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392784"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file\u0027s metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtiff: Libtiff Write-What-Where",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This attack requires user interaction to run the malicious TIFF image file, hence the CVE is maintained as important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-3.el8_4.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9900"
},
{
"category": "external",
"summary": "RHBZ#2392784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392784"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9900"
},
{
"category": "external",
"summary": "https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file",
"url": "https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/issues/704",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/704"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/merge_requests/732",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/732"
},
{
"category": "external",
"summary": "https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html",
"url": "https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html"
}
],
"release_date": "2025-09-22T14:29:35.767000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-05T18:07:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-3.el8_4.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0077"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-3.el8_4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-3.el8_4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libtiff: Libtiff Write-What-Where"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-3.el8_4.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-05T18:07:35+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-3.el8_4.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0077"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-3.el8_4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-3.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-3.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-3.el8_4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
}
]
}
RHSA-2026:0078
Vulnerability from csaf_redhat - Published: 2026-01-05 17:40 - Updated: 2026-06-03 17:13Summary
Red Hat Security Advisory: spice-client-win security update
Severity
Important
Notes
Topic: An update for spice-client-win is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Spice client MSI installers for Windows clients
Security Fix(es):
* sqlite: Integer Truncation in SQLite (CVE-2025-6965)
* libtiff: LibTIFF Use-After-Free Vulnerability (CVE-2025-8176)
* libtiff: Libtiff Write-What-Where (CVE-2025-9900)
* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
7.7 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-3.el8_2.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_2.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_2.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.
7.8 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-3.el8_2.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_2.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_2.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
8.8 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-3.el8_2.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_2.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_2.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-3.el8_2.1.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_2.1.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_2.1.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
38 references
Acknowledgments
AnchorSec Ltd.
Gareth C
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for spice-client-win is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Spice client MSI installers for Windows clients\n\nSecurity Fix(es):\n\n* sqlite: Integer Truncation in SQLite (CVE-2025-6965)\n\n* libtiff: LibTIFF Use-After-Free Vulnerability (CVE-2025-8176)\n\n* libtiff: Libtiff Write-What-Where (CVE-2025-9900)\n\n* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0078",
"url": "https://access.redhat.com/errata/RHSA-2026:0078"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "2383598",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383598"
},
{
"category": "external",
"summary": "2392784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392784"
},
{
"category": "external",
"summary": "2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0078.json"
}
],
"title": "Red Hat Security Advisory: spice-client-win security update",
"tracking": {
"current_release_date": "2026-06-03T17:13:14+00:00",
"generator": {
"date": "2026-06-03T17:13:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:0078",
"initial_release_date": "2026-01-05T17:40:30+00:00",
"revision_history": [
{
"date": "2026-01-05T17:40:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-05T17:40:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-03T17:13:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "spice-client-win-0:8.10-3.el8_2.1.src",
"product": {
"name": "spice-client-win-0:8.10-3.el8_2.1.src",
"product_id": "spice-client-win-0:8.10-3.el8_2.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win@8.10-3.el8_2.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "spice-client-win-x64-0:8.10-3.el8_2.1.noarch",
"product": {
"name": "spice-client-win-x64-0:8.10-3.el8_2.1.noarch",
"product_id": "spice-client-win-x64-0:8.10-3.el8_2.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win-x64@8.10-3.el8_2.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spice-client-win-x86-0:8.10-3.el8_2.1.noarch",
"product": {
"name": "spice-client-win-x86-0:8.10-3.el8_2.1.noarch",
"product_id": "spice-client-win-x86-0:8.10-3.el8_2.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win-x86@8.10-3.el8_2.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-0:8.10-3.el8_2.1.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-3.el8_2.1.src"
},
"product_reference": "spice-client-win-0:8.10-3.el8_2.1.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x64-0:8.10-3.el8_2.1.noarch as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_2.1.noarch"
},
"product_reference": "spice-client-win-x64-0:8.10-3.el8_2.1.noarch",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x86-0:8.10-3.el8_2.1.noarch as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_2.1.noarch"
},
"product_reference": "spice-client-win-x86-0:8.10-3.el8_2.1.noarch",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-3.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_2.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-05T17:40:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-3.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_2.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0078"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-3.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-3.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"cve": "CVE-2025-8176",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-07-26T04:00:56.216434+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2383598"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtiff: LibTIFF Use-After-Free Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated Important because it involves a use-after-free flaw in the get_histogram function of LibTIFF\u2019s tiffmedian tool. Successful exploitation may allow a local attacker to execute arbitrary code or cause a denial of service, leading to loss of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-3.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_2.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8176"
},
{
"category": "external",
"summary": "RHBZ#2383598",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383598"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8176"
},
{
"category": "external",
"summary": "http://www.libtiff.org/",
"url": "http://www.libtiff.org/"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172",
"url": "https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/issues/707",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/707"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/merge_requests/727",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/727"
},
{
"category": "external",
"summary": "https://vuldb.com/?ctiid.317590",
"url": "https://vuldb.com/?ctiid.317590"
},
{
"category": "external",
"summary": "https://vuldb.com/?id.317590",
"url": "https://vuldb.com/?id.317590"
},
{
"category": "external",
"summary": "https://vuldb.com/?submit.621796",
"url": "https://vuldb.com/?submit.621796"
}
],
"release_date": "2025-07-26T03:32:08.851000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-05T17:40:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-3.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_2.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0078"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-3.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-3.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libtiff: LibTIFF Use-After-Free Vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Gareth C"
],
"organization": "AnchorSec Ltd."
}
],
"cve": "CVE-2025-9900",
"cwe": {
"id": "CWE-123",
"name": "Write-what-where Condition"
},
"discovery_date": "2025-09-03T02:48:12.111000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392784"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file\u0027s metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtiff: Libtiff Write-What-Where",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This attack requires user interaction to run the malicious TIFF image file, hence the CVE is maintained as important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-3.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_2.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9900"
},
{
"category": "external",
"summary": "RHBZ#2392784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392784"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9900"
},
{
"category": "external",
"summary": "https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file",
"url": "https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/issues/704",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/704"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/merge_requests/732",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/732"
},
{
"category": "external",
"summary": "https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html",
"url": "https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html"
}
],
"release_date": "2025-09-22T14:29:35.767000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-05T17:40:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-3.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_2.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0078"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-3.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-3.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libtiff: Libtiff Write-What-Where"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-3.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_2.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-05T17:40:30+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-3.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_2.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0078"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-3.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-3.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-3.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-3.el8_2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
}
]
}
RHSA-2026:0316
Vulnerability from csaf_redhat - Published: 2026-01-15 05:12 - Updated: 2026-06-05 01:14Summary
Red Hat Security Advisory: OpenShift Container Platform 4.12.84 bug fix and security update
Severity
Important
Notes
Topic: Red Hat OpenShift Container Platform release 4.12.84 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.12.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.84. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/157795
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes
Security Fix(es):
None
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files accessible.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability was found in BIND 9 resolvers, where processing malformed DNSKEY records from a specially crafted zone can lead to resource exhaustion, primarily causing excessive CPU utilization. This issue enables a remote, unauthenticated attacker to degrade resolver performance and potentially cause a denial of service (DoS) for legitimate DNS clients.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users, potentially resulting in unauthorized access or privilege escalation on domain-joined Linux hosts.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability exists in BIND’s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers.
8.6 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG). This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS responses into the resolver’s cache, causing clients to receive spoofed DNS data. Authoritative servers are generally unaffected, but recursive resolvers are exposed to this risk. Exploitation is remote and does not require user interaction.
8.6 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.
8.2 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
46 references
Acknowledgments
Zavier Lee
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.12.84 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.12.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.12.84. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/157795\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nSecurity Fix(es):\n\nNone\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0316",
"url": "https://access.redhat.com/errata/RHSA-2026:0316"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2367235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367235"
},
{
"category": "external",
"summary": "2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "2402727",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402727"
},
{
"category": "external",
"summary": "2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "2405827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405827"
},
{
"category": "external",
"summary": "2405829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405829"
},
{
"category": "external",
"summary": "2405830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405830"
},
{
"category": "external",
"summary": "OCPBUGS-65982",
"url": "https://issues.redhat.com/browse/OCPBUGS-65982"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0316.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.12.84 bug fix and security update",
"tracking": {
"current_release_date": "2026-06-05T01:14:15+00:00",
"generator": {
"date": "2026-06-05T01:14:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:0316",
"initial_release_date": "2026-01-15T05:12:28+00:00",
"revision_history": [
{
"date": "2026-01-15T05:12:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-15T05:12:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T01:14:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.12",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-412.86.202601061735-0",
"product": {
"name": "rhcos-x86_64-412.86.202601061735-0",
"product_id": "rhcos-x86_64-412.86.202601061735-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@412.86.202601061735?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-412.86.202601061735-0 as a component of Red Hat OpenShift Container Platform 4.12",
"product_id": "8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
},
"product_reference": "rhcos-x86_64-412.86.202601061735-0",
"relates_to_product_reference": "8Base-RHOSE-4.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4953",
"cwe": {
"id": "CWE-378",
"name": "Creation of Temporary File With Insecure Permissions"
},
"discovery_date": "2025-05-19T11:46:53.335000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367235"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files accessible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "podman: Build Context Bind Mount",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is classified as Moderate rather than Important because exploitation requires several preconditions: an attacker must have unprivileged access to the host during the build process, the container build must include long-running steps (e.g., RUN sleep) that prolong the existence of the temporary build context, and files must be created with overly permissive permissions (e.g., 4777). The vulnerability does not allow remote code execution or compromise of running containers, and it only exposes files temporarily present in the build context. Therefore, while it can lead to information disclosure, the scope and impact are limited to local users with concurrent access, making the overall risk moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4953"
},
{
"category": "external",
"summary": "RHBZ#2367235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367235"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4953"
},
{
"category": "external",
"summary": "https://github.com/containers/podman/pull/25173",
"url": "https://github.com/containers/podman/pull/25173"
}
],
"release_date": "2025-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-15T05:12:28+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:9ea794d2dd24ff7377534edfb0447e5398a28919a84300cc79fe7bb8ae550d1b\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0316"
},
{
"category": "workaround",
"details": "Avoid long-running build steps and overly permissive file permissions. Use RUN --mount=type=secret for sensitive data instead of bind mounts.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "podman: Build Context Bind Mount"
},
{
"cve": "CVE-2025-8677",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405830"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in BIND 9 resolvers, where processing malformed DNSKEY records from a specially crafted zone can lead to resource exhaustion, primarily causing excessive CPU utilization. This issue enables a remote, unauthenticated attacker to degrade resolver performance and potentially cause a denial of service (DoS) for legitimate DNS clients.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Resource exhaustion via malformed DNSKEY handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important because it allows a remote, unauthenticated attacker to cause significant CPU exhaustion on vulnerable BIND resolvers by serving zones containing malformed DNSKEY records. The flaw triggers excessive computational effort during DNSKEY validation, leading to degraded performance and potential denial of service for legitimate clients. However, the issue affects availability only\u2014it does not enable code execution, data exposure, or privilege escalation\u2014so it is not classified as critical. Furthermore, authoritative servers are not impacted, limiting the scope of exposure to recursive resolvers. While the attack is easy to launch and can disrupt DNS operations, its effect ceases once the malicious traffic stops, making prompt patching and recursive access control effective mitigations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8677"
},
{
"category": "external",
"summary": "RHBZ#2405830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405830"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8677"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8677",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8677"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-15T05:12:28+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:9ea794d2dd24ff7377534edfb0447e5398a28919a84300cc79fe7bb8ae550d1b\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0316"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduce risk, restrict recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Resource exhaustion via malformed DNSKEY handling"
},
{
"acknowledgments": [
{
"names": [
"Zavier Lee"
]
}
],
"cve": "CVE-2025-11561",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"discovery_date": "2025-10-09T12:57:29.851000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402727"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users, potentially resulting in unauthorized access or privilege escalation on domain-joined Linux hosts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this issue as High severity for domain-joined Linux systems using default SSSD configurations. While the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled by default, fallback to the an2ln plugin can occur, allowing a domain user who can modify certain Active Directory attributes (such as userPrincipalName or samAccountName) to map to privileged local accounts. This could lead to unauthorized access or elevated privileges on affected Linux hosts. Administrators are advised to review and apply recommended hardening configurations to mitigate this behavior.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11561"
},
{
"category": "external",
"summary": "RHBZ#2402727",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402727"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11561",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11561"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11561",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11561"
},
{
"category": "external",
"summary": "https://blog.async.sg/kerberos-ldr",
"url": "https://blog.async.sg/kerberos-ldr"
},
{
"category": "external",
"summary": "https://github.com/SSSD/sssd/issues/8021",
"url": "https://github.com/SSSD/sssd/issues/8021"
}
],
"release_date": "2025-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-15T05:12:28+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:9ea794d2dd24ff7377534edfb0447e5398a28919a84300cc79fe7bb8ae550d1b\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0316"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure the SSSD Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is configured and the an2ln plugin is disabled by adding \"disable = an2ln\" in a krb5 include file, for example /var/lib/sss/pubconf/krb5.include.d/localauth_plugin and make sure it is included in the Kerberos configuration. Apply vendor updates and follow Red Hat guidance for SSSD hardening.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems"
},
{
"cve": "CVE-2025-40778",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-10-22T15:07:23.729000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405827"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability exists in BIND\u2019s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Cache poisoning attacks with unsolicited RRs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "It is classified as Important rather than Critical because its impact is limited to cache poisoning within recursive resolvers and does not allow direct code execution, privilege escalation, or service disruption. The vulnerability affects the accuracy of DNS responses, but not the availability or confidentiality of systems. Additionally, DNSSEC-enabled deployments and restricted recursive access can significantly mitigate exploitation risks. Therefore, while the flaw can misdirect network traffic and compromise trust in name resolution, it does not directly compromise the underlying server or client systems, justifying an Important \u2014 but not Critical \u2014 severity rating.\n\nTechnical Analysis:\nThe issue arises because BIND fails to strictly validate unsolicited resource records accompanying legitimate DNS responses. This gap allows forged recursive resolvers to be cached as valid entries. Since the attack is remote, requires no authentication, and exploits a low-complexity vector, it is highly impactful in recursive resolver environments\u2014especially those exposed to untrusted clients or open resolvers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40778"
},
{
"category": "external",
"summary": "RHBZ#2405827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405827"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40778"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40778"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-15T05:12:28+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:9ea794d2dd24ff7377534edfb0447e5398a28919a84300cc79fe7bb8ae550d1b\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0316"
},
{
"category": "workaround",
"details": "While it is not possible to eliminate risk from this vulnerability, there are several options for reducing the risk. These include restricting recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Cache poisoning attacks with unsolicited RRs"
},
{
"cve": "CVE-2025-40780",
"cwe": {
"id": "CWE-338",
"name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2025-10-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405829"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG). This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS responses into the resolver\u2019s cache, causing clients to receive spoofed DNS data. Authoritative servers are generally unaffected, but recursive resolvers are exposed to this risk. Exploitation is remote and does not require user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Cache poisoning due to weak PRNG",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in BIND 9 resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG) used to select the UDP source port and DNS query (transaction) ID. Exploitation requires an attacker to correctly predict both values and race the legitimate authoritative response with a spoofed packet to perform cache poisoning. While the PRNG weakness reduces entropy and makes prediction feasible under certain conditions, this still requires precise timing, on-path or spoofing capabilities, and targeting of recursive resolvers.\n\nThe impact is limited to resolver cache integrity; it does not allow remote code execution, privilege escalation, or direct compromise of the BIND server itself. Authoritative servers are not affected. Additionally, operational mitigations such as DNSSEC validation, access control restricting recursion, and network-level packet filtering reduce real-world exploitability. No active exploits have been observed in the wild.\n\nBecause exploitation is non-trivial, requires network-level spoofing and precise timing, and only affects cache integrity without server compromise, the vulnerability is considered Important rather than Critical.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40780"
},
{
"category": "external",
"summary": "RHBZ#2405829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40780"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-15T05:12:28+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:9ea794d2dd24ff7377534edfb0447e5398a28919a84300cc79fe7bb8ae550d1b\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0316"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduce risk, restrict recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Cache poisoning due to weak PRNG"
},
{
"cve": "CVE-2025-52881",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.652000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404715"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process. The mitigation applied for CVE-2019-16884 was fairly limited and effectively only caused runc to verify that when we write LSM labels that those labels are actual procfs files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "RHBZ#2404715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404715"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52881"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/selinux/pull/237",
"url": "https://github.com/opencontainers/selinux/pull/237"
}
],
"release_date": "2025-11-05T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-15T05:12:28+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:9ea794d2dd24ff7377534edfb0447e5398a28919a84300cc79fe7bb8ae550d1b\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0316"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using rootless containers, as doing so will block most of the inadvertent writes (runc would run with reduced privileges, making attempts to write to procfs files ineffective).\n* Based on our analysis, neither AppArmor or SELinux can protect against the full version of the redirected write attack. The container runtime is generally privileged enough to write to arbitrary procfs files, which is more than sufficient to cause a container breakout.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-15T05:12:28+00:00",
"details": "For OpenShift Container Platform 4.12 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes\n\nYou may download the oc tool and use it to inspect release image metadata for the x86_64 architecture. The image digest may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\n The sha value for the release is as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:9ea794d2dd24ff7377534edfb0447e5398a28919a84300cc79fe7bb8ae550d1b\n\nAll OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0316"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSE-4.12:rhcos-x86_64-412.86.202601061735-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
}
]
}
RHSA-2026:0326
Vulnerability from csaf_redhat - Published: 2026-01-15 18:47 - Updated: 2026-06-05 00:28Summary
Red Hat Security Advisory: OpenShift Container Platform 4.16.55 bug fix and security update
Severity
Important
Notes
Topic: Red Hat OpenShift Container Platform release 4.16.55 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.16.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.16.55. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/157888
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/
Security Fix(es):
* libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c (CVE-2025-5914)
* bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677)
* bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)
* bind: Cache poisoning due to weak PRNG (CVE-2025-40780)
* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)
* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)
* qemu-kvm: VNC WebSocket handshake use-after-free (CVE-2025-11234)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.16 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
8.1 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
7.8 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A vulnerability was found in BIND 9 resolvers, where processing malformed DNSKEY records from a specially crafted zone can lead to resource exhaustion, primarily causing excessive CPU utilization. This issue enables a remote, unauthenticated attacker to degrade resolver performance and potentially cause a denial of service (DoS) for legitimate DNS clients.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability exists in BIND’s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers.
8.6 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG). This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS responses into the resolver’s cache, causing clients to receive spoofed DNS data. Authoritative servers are generally unaffected, but recursive resolvers are exposed to this risk. Exploitation is remote and does not require user interaction.
8.6 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
43 references
Acknowledgments
Ronald Crane
Cylo
Grant Millar
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.16.55 is now available with updates to packages and images that fix several bugs and add enhancements.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.16.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.16.55. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/157888\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nSecurity Fix(es):\n\n* libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c (CVE-2025-5914)\n* bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677)\n* bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)\n* bind: Cache poisoning due to weak PRNG (CVE-2025-40780)\n* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)\n* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)\n* qemu-kvm: VNC WebSocket handshake use-after-free (CVE-2025-11234)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0326",
"url": "https://access.redhat.com/errata/RHSA-2026:0326"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "2401209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401209"
},
{
"category": "external",
"summary": "2405827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405827"
},
{
"category": "external",
"summary": "2405829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405829"
},
{
"category": "external",
"summary": "2405830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405830"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0326.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.16.55 bug fix and security update",
"tracking": {
"current_release_date": "2026-06-05T00:28:00+00:00",
"generator": {
"date": "2026-06-05T00:28:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:0326",
"initial_release_date": "2026-01-15T18:47:30+00:00",
"revision_history": [
{
"date": "2026-01-15T18:47:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-15T18:47:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T00:28:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.16",
"product": {
"name": "Red Hat OpenShift Container Platform 4.16",
"product_id": "9Base-RHOSE-4.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.16::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-aarch64-416.94.202601071926-0",
"product": {
"name": "rhcos-aarch64-416.94.202601071926-0",
"product_id": "rhcos-aarch64-416.94.202601071926-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@416.94.202601071926?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-ppc64le-416.94.202601071926-0",
"product": {
"name": "rhcos-ppc64le-416.94.202601071926-0",
"product_id": "rhcos-ppc64le-416.94.202601071926-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@416.94.202601071926?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-s390x-416.94.202601071926-0",
"product": {
"name": "rhcos-s390x-416.94.202601071926-0",
"product_id": "rhcos-s390x-416.94.202601071926-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@416.94.202601071926?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-416.94.202601071926-0",
"product": {
"name": "rhcos-x86_64-416.94.202601071926-0",
"product_id": "rhcos-x86_64-416.94.202601071926-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@416.94.202601071926?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-aarch64-416.94.202601071926-0 as a component of Red Hat OpenShift Container Platform 4.16",
"product_id": "9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0"
},
"product_reference": "rhcos-aarch64-416.94.202601071926-0",
"relates_to_product_reference": "9Base-RHOSE-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-ppc64le-416.94.202601071926-0 as a component of Red Hat OpenShift Container Platform 4.16",
"product_id": "9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0"
},
"product_reference": "rhcos-ppc64le-416.94.202601071926-0",
"relates_to_product_reference": "9Base-RHOSE-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-s390x-416.94.202601071926-0 as a component of Red Hat OpenShift Container Platform 4.16",
"product_id": "9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0"
},
"product_reference": "rhcos-s390x-416.94.202601071926-0",
"relates_to_product_reference": "9Base-RHOSE-4.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-416.94.202601071926-0 as a component of Red Hat OpenShift Container Platform 4.16",
"product_id": "9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
},
"product_reference": "rhcos-x86_64-416.94.202601071926-0",
"relates_to_product_reference": "9Base-RHOSE-4.16"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Ronald Crane"
]
}
],
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-05-29T06:48:59.169000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369131"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: out-of-bounds read in sftp_handle()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue requires an attacker with valid credentials to access a server, limiting the scope to legitimate users of the SFTP service. Due to this reason, this flaw has been rated with a Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "RHBZ#2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-15T18:47:30+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:283a4968c61885c67fd17ea4d6920b665c98d53fa85fc897e067d3c4c131da3b\n\n (For s390x architecture)\n The image digest is sha256:5db06d746a26930aa3a8ec756f77cfcf76bcfb838327a5c71d3a0e6d920b85c6\n\n (For ppc64le architecture)\n The image digest is sha256:444378df90349f12c84ec1447dfb2afa40fd28e6596d8d9ab9a37b9013fc6a62\n\n (For aarch64 architecture)\n The image digest is sha256:c837b6a0325105e8f1487cdebf12d1b41eaa609a88f37baf986f5361ba66b08b\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0326"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: out-of-bounds read in sftp_handle()"
},
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-15T18:47:30+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:283a4968c61885c67fd17ea4d6920b665c98d53fa85fc897e067d3c4c131da3b\n\n (For s390x architecture)\n The image digest is sha256:5db06d746a26930aa3a8ec756f77cfcf76bcfb838327a5c71d3a0e6d920b85c6\n\n (For ppc64le architecture)\n The image digest is sha256:444378df90349f12c84ec1447dfb2afa40fd28e6596d8d9ab9a37b9013fc6a62\n\n (For aarch64 architecture)\n The image digest is sha256:c837b6a0325105e8f1487cdebf12d1b41eaa609a88f37baf986f5361ba66b08b\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0326"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"cve": "CVE-2025-8677",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405830"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in BIND 9 resolvers, where processing malformed DNSKEY records from a specially crafted zone can lead to resource exhaustion, primarily causing excessive CPU utilization. This issue enables a remote, unauthenticated attacker to degrade resolver performance and potentially cause a denial of service (DoS) for legitimate DNS clients.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Resource exhaustion via malformed DNSKEY handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important because it allows a remote, unauthenticated attacker to cause significant CPU exhaustion on vulnerable BIND resolvers by serving zones containing malformed DNSKEY records. The flaw triggers excessive computational effort during DNSKEY validation, leading to degraded performance and potential denial of service for legitimate clients. However, the issue affects availability only\u2014it does not enable code execution, data exposure, or privilege escalation\u2014so it is not classified as critical. Furthermore, authoritative servers are not impacted, limiting the scope of exposure to recursive resolvers. While the attack is easy to launch and can disrupt DNS operations, its effect ceases once the malicious traffic stops, making prompt patching and recursive access control effective mitigations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8677"
},
{
"category": "external",
"summary": "RHBZ#2405830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405830"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8677"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8677",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8677"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-15T18:47:30+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:283a4968c61885c67fd17ea4d6920b665c98d53fa85fc897e067d3c4c131da3b\n\n (For s390x architecture)\n The image digest is sha256:5db06d746a26930aa3a8ec756f77cfcf76bcfb838327a5c71d3a0e6d920b85c6\n\n (For ppc64le architecture)\n The image digest is sha256:444378df90349f12c84ec1447dfb2afa40fd28e6596d8d9ab9a37b9013fc6a62\n\n (For aarch64 architecture)\n The image digest is sha256:c837b6a0325105e8f1487cdebf12d1b41eaa609a88f37baf986f5361ba66b08b\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0326"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduce risk, restrict recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Resource exhaustion via malformed DNSKEY handling"
},
{
"acknowledgments": [
{
"names": [
"Grant Millar"
],
"organization": "Cylo"
}
],
"cve": "CVE-2025-11234",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2401209"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qemu-kvm: VNC WebSocket handshake use-after-free",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE has been rated as Moderate because it only affects the WebSocket protocol for communication (the VNC raw TCP socket is not affected) and the use of QEMU\u0027s in-process WebSocket feature is fairly niche.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11234"
},
{
"category": "external",
"summary": "RHBZ#2401209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401209"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11234"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11234",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11234"
}
],
"release_date": "2025-09-30T12:18:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-15T18:47:30+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:283a4968c61885c67fd17ea4d6920b665c98d53fa85fc897e067d3c4c131da3b\n\n (For s390x architecture)\n The image digest is sha256:5db06d746a26930aa3a8ec756f77cfcf76bcfb838327a5c71d3a0e6d920b85c6\n\n (For ppc64le architecture)\n The image digest is sha256:444378df90349f12c84ec1447dfb2afa40fd28e6596d8d9ab9a37b9013fc6a62\n\n (For aarch64 architecture)\n The image digest is sha256:c837b6a0325105e8f1487cdebf12d1b41eaa609a88f37baf986f5361ba66b08b\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0326"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "qemu-kvm: VNC WebSocket handshake use-after-free"
},
{
"cve": "CVE-2025-40778",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-10-22T15:07:23.729000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405827"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability exists in BIND\u2019s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Cache poisoning attacks with unsolicited RRs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "It is classified as Important rather than Critical because its impact is limited to cache poisoning within recursive resolvers and does not allow direct code execution, privilege escalation, or service disruption. The vulnerability affects the accuracy of DNS responses, but not the availability or confidentiality of systems. Additionally, DNSSEC-enabled deployments and restricted recursive access can significantly mitigate exploitation risks. Therefore, while the flaw can misdirect network traffic and compromise trust in name resolution, it does not directly compromise the underlying server or client systems, justifying an Important \u2014 but not Critical \u2014 severity rating.\n\nTechnical Analysis:\nThe issue arises because BIND fails to strictly validate unsolicited resource records accompanying legitimate DNS responses. This gap allows forged recursive resolvers to be cached as valid entries. Since the attack is remote, requires no authentication, and exploits a low-complexity vector, it is highly impactful in recursive resolver environments\u2014especially those exposed to untrusted clients or open resolvers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40778"
},
{
"category": "external",
"summary": "RHBZ#2405827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405827"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40778"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40778"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-15T18:47:30+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:283a4968c61885c67fd17ea4d6920b665c98d53fa85fc897e067d3c4c131da3b\n\n (For s390x architecture)\n The image digest is sha256:5db06d746a26930aa3a8ec756f77cfcf76bcfb838327a5c71d3a0e6d920b85c6\n\n (For ppc64le architecture)\n The image digest is sha256:444378df90349f12c84ec1447dfb2afa40fd28e6596d8d9ab9a37b9013fc6a62\n\n (For aarch64 architecture)\n The image digest is sha256:c837b6a0325105e8f1487cdebf12d1b41eaa609a88f37baf986f5361ba66b08b\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0326"
},
{
"category": "workaround",
"details": "While it is not possible to eliminate risk from this vulnerability, there are several options for reducing the risk. These include restricting recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Cache poisoning attacks with unsolicited RRs"
},
{
"cve": "CVE-2025-40780",
"cwe": {
"id": "CWE-338",
"name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2025-10-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405829"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG). This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS responses into the resolver\u2019s cache, causing clients to receive spoofed DNS data. Authoritative servers are generally unaffected, but recursive resolvers are exposed to this risk. Exploitation is remote and does not require user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Cache poisoning due to weak PRNG",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in BIND 9 resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG) used to select the UDP source port and DNS query (transaction) ID. Exploitation requires an attacker to correctly predict both values and race the legitimate authoritative response with a spoofed packet to perform cache poisoning. While the PRNG weakness reduces entropy and makes prediction feasible under certain conditions, this still requires precise timing, on-path or spoofing capabilities, and targeting of recursive resolvers.\n\nThe impact is limited to resolver cache integrity; it does not allow remote code execution, privilege escalation, or direct compromise of the BIND server itself. Authoritative servers are not affected. Additionally, operational mitigations such as DNSSEC validation, access control restricting recursion, and network-level packet filtering reduce real-world exploitability. No active exploits have been observed in the wild.\n\nBecause exploitation is non-trivial, requires network-level spoofing and precise timing, and only affects cache integrity without server compromise, the vulnerability is considered Important rather than Critical.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40780"
},
{
"category": "external",
"summary": "RHBZ#2405829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40780"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-15T18:47:30+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:283a4968c61885c67fd17ea4d6920b665c98d53fa85fc897e067d3c4c131da3b\n\n (For s390x architecture)\n The image digest is sha256:5db06d746a26930aa3a8ec756f77cfcf76bcfb838327a5c71d3a0e6d920b85c6\n\n (For ppc64le architecture)\n The image digest is sha256:444378df90349f12c84ec1447dfb2afa40fd28e6596d8d9ab9a37b9013fc6a62\n\n (For aarch64 architecture)\n The image digest is sha256:c837b6a0325105e8f1487cdebf12d1b41eaa609a88f37baf986f5361ba66b08b\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0326"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduce risk, restrict recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Cache poisoning due to weak PRNG"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-15T18:47:30+00:00",
"details": "For OpenShift Container Platform 4.16 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:283a4968c61885c67fd17ea4d6920b665c98d53fa85fc897e067d3c4c131da3b\n\n (For s390x architecture)\n The image digest is sha256:5db06d746a26930aa3a8ec756f77cfcf76bcfb838327a5c71d3a0e6d920b85c6\n\n (For ppc64le architecture)\n The image digest is sha256:444378df90349f12c84ec1447dfb2afa40fd28e6596d8d9ab9a37b9013fc6a62\n\n (For aarch64 architecture)\n The image digest is sha256:c837b6a0325105e8f1487cdebf12d1b41eaa609a88f37baf986f5361ba66b08b\n\nAll OpenShift Container Platform 4.16 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0326"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.16:rhcos-aarch64-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-ppc64le-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-s390x-416.94.202601071926-0",
"9Base-RHOSE-4.16:rhcos-x86_64-416.94.202601071926-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
}
]
}
RHSA-2026:0332
Vulnerability from csaf_redhat - Published: 2026-01-15 18:56 - Updated: 2026-06-02 15:24Summary
Red Hat Security Advisory: OpenShift Container Platform 4.18.31 bug fix and security update
Severity
Important
Notes
Topic: Red Hat OpenShift Container Platform release 4.18.31 is now available with
updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container
Platform 4.18.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.18.31. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHSA-2026:0331
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/
Security Fix(es):
* bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677)
* bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)
* bind: Cache poisoning due to weak PRNG (CVE-2025-40780)
* expat: libexpat in Expat allows attackers to trigger large dynamic memory
allocations via a small document that is submitted for parsing
(CVE-2025-59375)
* openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap
(CVE-2025-9230)
* qemu-kvm: VNC WebSocket handshake use-after-free (CVE-2025-11234)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
All OpenShift Container Platform 4.18 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift CLI (oc)
or web console. Instructions for upgrading a cluster are available at
https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in BIND 9 resolvers, where processing malformed DNSKEY records from a specially crafted zone can lead to resource exhaustion, primarily causing excessive CPU utilization. This issue enables a remote, unauthenticated attacker to degrade resolver performance and potentially cause a denial of service (DoS) for legitimate DNS clients.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).
5.6 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A vulnerability exists in BIND’s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers.
8.6 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG). This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS responses into the resolver’s cache, causing clients to receive spoofed DNS data. Authoritative servers are generally unaffected, but recursive resolvers are exposed to this risk. Exploitation is remote and does not require user interaction.
8.6 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
36 references
Acknowledgments
Cylo
Grant Millar
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Container Platform release 4.18.31 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\n This release includes a security update for Red Hat OpenShift Container\nPlatform 4.18.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.18.31. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2026:0331\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nSecurity Fix(es):\n\n* bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677)\n* bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)\n* bind: Cache poisoning due to weak PRNG (CVE-2025-40780)\n* expat: libexpat in Expat allows attackers to trigger large dynamic memory\nallocations via a small document that is submitted for parsing\n(CVE-2025-59375)\n* openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap\n(CVE-2025-9230)\n* qemu-kvm: VNC WebSocket handshake use-after-free (CVE-2025-11234)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0332",
"url": "https://access.redhat.com/errata/RHSA-2026:0332"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "2396054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
},
{
"category": "external",
"summary": "2401209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401209"
},
{
"category": "external",
"summary": "2405827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405827"
},
{
"category": "external",
"summary": "2405829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405829"
},
{
"category": "external",
"summary": "2405830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405830"
},
{
"category": "external",
"summary": "OCPBUGS-64613",
"url": "https://issues.redhat.com/browse/OCPBUGS-64613"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0332.json"
}
],
"title": "Red Hat Security Advisory: OpenShift Container Platform 4.18.31 bug fix and security update",
"tracking": {
"current_release_date": "2026-06-02T15:24:12+00:00",
"generator": {
"date": "2026-06-02T15:24:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:0332",
"initial_release_date": "2026-01-15T18:56:30+00:00",
"revision_history": [
{
"date": "2026-01-15T18:56:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-15T18:56:30+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:24:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Container Platform 4.18",
"product": {
"name": "Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.18::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-aarch64-418.94.202601071817-0",
"product": {
"name": "rhcos-aarch64-418.94.202601071817-0",
"product_id": "rhcos-aarch64-418.94.202601071817-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@418.94.202601071817?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-ppc64le-418.94.202601071817-0",
"product": {
"name": "rhcos-ppc64le-418.94.202601071817-0",
"product_id": "rhcos-ppc64le-418.94.202601071817-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@418.94.202601071817?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-s390x-418.94.202601071817-0",
"product": {
"name": "rhcos-s390x-418.94.202601071817-0",
"product_id": "rhcos-s390x-418.94.202601071817-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@418.94.202601071817?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhcos-x86_64-418.94.202601071817-0",
"product": {
"name": "rhcos-x86_64-418.94.202601071817-0",
"product_id": "rhcos-x86_64-418.94.202601071817-0",
"product_identification_helper": {
"purl": "pkg:generic/redhat/rhcos@418.94.202601071817?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-aarch64-418.94.202601071817-0 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0"
},
"product_reference": "rhcos-aarch64-418.94.202601071817-0",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-ppc64le-418.94.202601071817-0 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0"
},
"product_reference": "rhcos-ppc64le-418.94.202601071817-0",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-s390x-418.94.202601071817-0 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0"
},
"product_reference": "rhcos-s390x-418.94.202601071817-0",
"relates_to_product_reference": "9Base-RHOSE-4.18"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhcos-x86_64-418.94.202601071817-0 as a component of Red Hat OpenShift Container Platform 4.18",
"product_id": "9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
},
"product_reference": "rhcos-x86_64-418.94.202601071817-0",
"relates_to_product_reference": "9Base-RHOSE-4.18"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8677",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405830"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in BIND 9 resolvers, where processing malformed DNSKEY records from a specially crafted zone can lead to resource exhaustion, primarily causing excessive CPU utilization. This issue enables a remote, unauthenticated attacker to degrade resolver performance and potentially cause a denial of service (DoS) for legitimate DNS clients.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Resource exhaustion via malformed DNSKEY handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered Important because it allows a remote, unauthenticated attacker to cause significant CPU exhaustion on vulnerable BIND resolvers by serving zones containing malformed DNSKEY records. The flaw triggers excessive computational effort during DNSKEY validation, leading to degraded performance and potential denial of service for legitimate clients. However, the issue affects availability only\u2014it does not enable code execution, data exposure, or privilege escalation\u2014so it is not classified as critical. Furthermore, authoritative servers are not impacted, limiting the scope of exposure to recursive resolvers. While the attack is easy to launch and can disrupt DNS operations, its effect ceases once the malicious traffic stops, making prompt patching and recursive access control effective mitigations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8677"
},
{
"category": "external",
"summary": "RHBZ#2405830",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405830"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8677"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8677",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8677"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-15T18:56:30+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:64e8c4cbd3199beb1ebb8d6a208cb81fdfe62f4e52d7586033f534d35f981244\n\n (For s390x architecture)\n The image digest is sha256:5b964fa43873a20a66b95769bbcd6c31b028f505281fb045bb3c2ed6ca114e91\n\n (For ppc64le architecture)\n The image digest is sha256:2108325c5ee08249e1b0c0ad6a3daab197f5e2a1a83c8600d27c49ad0ff94307\n\n (For aarch64 architecture)\n The image digest is sha256:b465cef295a81eaf055c87a9af6d8ecdcc11cb1e898895d6df527eb155a7ff82\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0332"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduce risk, restrict recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Resource exhaustion via malformed DNSKEY handling"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-09-17T12:15:34.387000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability was rated as Moderate because, while the potential impact includes an application level denial of service and possible arbitrary code execution, successful exploitation is considered unlikely due to the high attack complexity and the fact that password-based CMS encryption (PWRI) is rarely used in real-world deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "RHBZ#2396054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
}
],
"release_date": "2025-09-30T23:59:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-15T18:56:30+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:64e8c4cbd3199beb1ebb8d6a208cb81fdfe62f4e52d7586033f534d35f981244\n\n (For s390x architecture)\n The image digest is sha256:5b964fa43873a20a66b95769bbcd6c31b028f505281fb045bb3c2ed6ca114e91\n\n (For ppc64le architecture)\n The image digest is sha256:2108325c5ee08249e1b0c0ad6a3daab197f5e2a1a83c8600d27c49ad0ff94307\n\n (For aarch64 architecture)\n The image digest is sha256:b465cef295a81eaf055c87a9af6d8ecdcc11cb1e898895d6df527eb155a7ff82\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0332"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
},
{
"acknowledgments": [
{
"names": [
"Grant Millar"
],
"organization": "Cylo"
}
],
"cve": "CVE-2025-11234",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-09-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2401209"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network access to the VNC WebSocket port to cause a denial of service during the WebSocket handshake prior to the VNC client authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qemu-kvm: VNC WebSocket handshake use-after-free",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE has been rated as Moderate because it only affects the WebSocket protocol for communication (the VNC raw TCP socket is not affected) and the use of QEMU\u0027s in-process WebSocket feature is fairly niche.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-11234"
},
{
"category": "external",
"summary": "RHBZ#2401209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401209"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-11234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11234"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11234",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11234"
}
],
"release_date": "2025-09-30T12:18:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-15T18:56:30+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:64e8c4cbd3199beb1ebb8d6a208cb81fdfe62f4e52d7586033f534d35f981244\n\n (For s390x architecture)\n The image digest is sha256:5b964fa43873a20a66b95769bbcd6c31b028f505281fb045bb3c2ed6ca114e91\n\n (For ppc64le architecture)\n The image digest is sha256:2108325c5ee08249e1b0c0ad6a3daab197f5e2a1a83c8600d27c49ad0ff94307\n\n (For aarch64 architecture)\n The image digest is sha256:b465cef295a81eaf055c87a9af6d8ecdcc11cb1e898895d6df527eb155a7ff82\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0332"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "qemu-kvm: VNC WebSocket handshake use-after-free"
},
{
"cve": "CVE-2025-40778",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-10-22T15:07:23.729000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405827"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability exists in BIND\u2019s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Cache poisoning attacks with unsolicited RRs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "It is classified as Important rather than Critical because its impact is limited to cache poisoning within recursive resolvers and does not allow direct code execution, privilege escalation, or service disruption. The vulnerability affects the accuracy of DNS responses, but not the availability or confidentiality of systems. Additionally, DNSSEC-enabled deployments and restricted recursive access can significantly mitigate exploitation risks. Therefore, while the flaw can misdirect network traffic and compromise trust in name resolution, it does not directly compromise the underlying server or client systems, justifying an Important \u2014 but not Critical \u2014 severity rating.\n\nTechnical Analysis:\nThe issue arises because BIND fails to strictly validate unsolicited resource records accompanying legitimate DNS responses. This gap allows forged recursive resolvers to be cached as valid entries. Since the attack is remote, requires no authentication, and exploits a low-complexity vector, it is highly impactful in recursive resolver environments\u2014especially those exposed to untrusted clients or open resolvers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40778"
},
{
"category": "external",
"summary": "RHBZ#2405827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405827"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40778"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40778"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-15T18:56:30+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:64e8c4cbd3199beb1ebb8d6a208cb81fdfe62f4e52d7586033f534d35f981244\n\n (For s390x architecture)\n The image digest is sha256:5b964fa43873a20a66b95769bbcd6c31b028f505281fb045bb3c2ed6ca114e91\n\n (For ppc64le architecture)\n The image digest is sha256:2108325c5ee08249e1b0c0ad6a3daab197f5e2a1a83c8600d27c49ad0ff94307\n\n (For aarch64 architecture)\n The image digest is sha256:b465cef295a81eaf055c87a9af6d8ecdcc11cb1e898895d6df527eb155a7ff82\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0332"
},
{
"category": "workaround",
"details": "While it is not possible to eliminate risk from this vulnerability, there are several options for reducing the risk. These include restricting recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Cache poisoning attacks with unsolicited RRs"
},
{
"cve": "CVE-2025-40780",
"cwe": {
"id": "CWE-338",
"name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
},
"discovery_date": "2025-10-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405829"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in BIND resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG). This weakness allows an attacker to potentially predict the source port and query ID used by BIND, enabling cache poisoning attacks. If successful, the attacker can inject malicious DNS responses into the resolver\u2019s cache, causing clients to receive spoofed DNS data. Authoritative servers are generally unaffected, but recursive resolvers are exposed to this risk. Exploitation is remote and does not require user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Cache poisoning due to weak PRNG",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in BIND 9 resolvers caused by a weakness in the Pseudo Random Number Generator (PRNG) used to select the UDP source port and DNS query (transaction) ID. Exploitation requires an attacker to correctly predict both values and race the legitimate authoritative response with a spoofed packet to perform cache poisoning. While the PRNG weakness reduces entropy and makes prediction feasible under certain conditions, this still requires precise timing, on-path or spoofing capabilities, and targeting of recursive resolvers.\n\nThe impact is limited to resolver cache integrity; it does not allow remote code execution, privilege escalation, or direct compromise of the BIND server itself. Authoritative servers are not affected. Additionally, operational mitigations such as DNSSEC validation, access control restricting recursion, and network-level packet filtering reduce real-world exploitability. No active exploits have been observed in the wild.\n\nBecause exploitation is non-trivial, requires network-level spoofing and precise timing, and only affects cache integrity without server compromise, the vulnerability is considered Important rather than Critical.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40780"
},
{
"category": "external",
"summary": "RHBZ#2405829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40780"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40780",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40780"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-15T18:56:30+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:64e8c4cbd3199beb1ebb8d6a208cb81fdfe62f4e52d7586033f534d35f981244\n\n (For s390x architecture)\n The image digest is sha256:5b964fa43873a20a66b95769bbcd6c31b028f505281fb045bb3c2ed6ca114e91\n\n (For ppc64le architecture)\n The image digest is sha256:2108325c5ee08249e1b0c0ad6a3daab197f5e2a1a83c8600d27c49ad0ff94307\n\n (For aarch64 architecture)\n The image digest is sha256:b465cef295a81eaf055c87a9af6d8ecdcc11cb1e898895d6df527eb155a7ff82\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0332"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\n\nTo reduce risk, restrict recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Cache poisoning due to weak PRNG"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-15T18:56:30+00:00",
"details": "For OpenShift Container Platform 4.18 see the following documentation,\nwhich will be updated shortly for this release, for important instructions\non how to upgrade your cluster and fully apply this asynchronous errata\nupdate:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/\n\nYou may download the oc tool and use it to inspect release image metadata\nfor x86_64, s390x, ppc64le, and aarch64 architectures. The image digests\nmay be found at\nhttps://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.\n\nThe sha values for the release are as follows:\n\n (For x86_64 architecture)\n The image digest is sha256:64e8c4cbd3199beb1ebb8d6a208cb81fdfe62f4e52d7586033f534d35f981244\n\n (For s390x architecture)\n The image digest is sha256:5b964fa43873a20a66b95769bbcd6c31b028f505281fb045bb3c2ed6ca114e91\n\n (For ppc64le architecture)\n The image digest is sha256:2108325c5ee08249e1b0c0ad6a3daab197f5e2a1a83c8600d27c49ad0ff94307\n\n (For aarch64 architecture)\n The image digest is sha256:b465cef295a81eaf055c87a9af6d8ecdcc11cb1e898895d6df527eb155a7ff82\n\nAll OpenShift Container Platform 4.18 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift CLI (oc)\nor web console. Instructions for upgrading a cluster are available at\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0332"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOSE-4.18:rhcos-aarch64-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-ppc64le-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-s390x-418.94.202601071817-0",
"9Base-RHOSE-4.18:rhcos-x86_64-418.94.202601071817-0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
}
]
}
RHSA-2026:0414
Vulnerability from csaf_redhat - Published: 2026-01-08 22:34 - Updated: 2026-06-05 04:58Summary
Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
Severity
Important
Notes
Topic: A Subscription Management tool for finding and reporting Red Hat product usage
Details: Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,
identifies, and reports environment data, or facts, such as the number of physical and virtual
systems on a network, their operating systems, and relevant configuration data stored within
them. Discovery also identifies and reports more detailed facts for some versions of key
Red Hat packages and products that it finds in the network.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in Python/CPython that does not disallow configuring an empty list ("[]") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE -2024-5535 for OpenSSL for more information.
CWE-20 - Improper Input ValidationAffected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.
4.7 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.
4.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.
4.0 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Low
A zip file handling flaw has been discovered in the python standard library `zipfile` module. The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations.
4.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.
6.2 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.
8.7 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Workaround
|
Threats
Impact
Important
A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.
5.6 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Django. The django.utils.archive.extract() function, used by startapp --templateand startproject --template, allowed partial directory-traversal via an archive with file paths sharing a common prefix with the target directory.
8.8 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in OpenSSH where control characters in usernames were not properly validated when sourced from untrusted inputs like the command line or configuration expansion. If a ProxyCommand is used, these control characters could modify command behavior, potentially leading to code execution.
5.3 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — | ||
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Threats
Impact
Moderate
A flaw was found in OpenSSH where the SSH client accepted \0 (null) characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up.
5.3 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — | ||
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Threats
Impact
Moderate
A flaw was found in Django. This vulnerability allows a remote attacker to cause a potential denial-of-service (DoS) attack triggering Central Processing Unit (CPU) and memory exhaustion via specially crafted Extensible Markup Language (XML) input processed by the XML Deserializer.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Workaround
|
Threats
Impact
Important
A buffer overflow flaw has been discovered in libpng. An out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API.
7.1 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.
7.5 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Workaround
|
Threats
Impact
Important
A buffer overflow flaw has been discovered in libpng. There is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds.
7.1 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Workaround
|
Threats
Impact
Important
An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.
5.3 (Medium)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Workaround
|
Threats
Impact
Moderate
An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management.
7.1 (High)
Affected products
Fixed
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
157 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0414",
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-5642",
"url": "https://access.redhat.com/security/cve/CVE-2024-5642"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-45582",
"url": "https://access.redhat.com/security/cve/CVE-2025-45582"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-4598",
"url": "https://access.redhat.com/security/cve/CVE-2025-4598"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59682",
"url": "https://access.redhat.com/security/cve/CVE-2025-59682"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6069",
"url": "https://access.redhat.com/security/cve/CVE-2025-6069"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6075",
"url": "https://access.redhat.com/security/cve/CVE-2025-6075"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61984",
"url": "https://access.redhat.com/security/cve/CVE-2025-61984"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61985",
"url": "https://access.redhat.com/security/cve/CVE-2025-61985"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64460",
"url": "https://access.redhat.com/security/cve/CVE-2025-64460"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64720",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-65018",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66031",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66293",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8291",
"url": "https://access.redhat.com/security/cve/CVE-2025-8291"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0414.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2026-06-05T04:58:51+00:00",
"generator": {
"date": "2026-06-05T04:58:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2026:0414",
"initial_release_date": "2026-01-08T22:34:17+00:00",
"revision_history": [
{
"date": "2026-01-08T22:34:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-08T22:34:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-05T04:58:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 2",
"product": {
"name": "Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3Ad4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767888970"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767904573"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767888970"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1767904573"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-5642",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2024-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2294682"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Python/CPython that does not disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE -2024-5535 for OpenSSL for more information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with a Low severity due to NPN not being widely used and specifying an empty list is likely uncommon in practice. Typically, a protocol name would be configured.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-5642"
},
{
"category": "external",
"summary": "RHBZ#2294682",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294682"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-5642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-5642",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5642"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/"
}
],
"release_date": "2024-06-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used"
},
{
"cve": "CVE-2025-4598",
"cwe": {
"id": "CWE-364",
"name": "Signal Handler Race Condition"
},
"discovery_date": "2025-05-29T19:04:54.578000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369242"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original\u0027s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner\u0027s permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original\u0027s SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was rated as having a severity of Moderate due to the complexity to exploit this flaw. The attacker needs to setup a way to win the race condition and have an unprivileged local account to successfully exploit this vulnerability.\n\nBy default Red Hat Enterprise Linux 8 doesn\u0027t allow systemd-coredump to create dumps of SUID programs as the /proc/sys/fs/suid_dumpable is set to 0, disabling by default this capability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4598"
},
{
"category": "external",
"summary": "RHBZ#2369242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369242"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4598"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/29/3",
"url": "https://www.openwall.com/lists/oss-security/2025/05/29/3"
}
],
"release_date": "2025-05-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "This issue can be mitigated by disabling the capability of the system to generate a coredump for SUID binaries. The perform that, the following command can be ran as `root` user:\n\n~~~\necho 0 \u003e /proc/sys/fs/suid_dumpable\n~~~\n\nWhile this mitigates this vulnerability while it\u0027s not possible to update the systemd package, it disables the capability of analyzing crashes for such binaries.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump"
},
{
"cve": "CVE-2025-6069",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2025-06-17T14:00:45.339399+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373234"
}
],
"notes": [
{
"category": "description",
"text": "A denial-of-service (DoS) vulnerability has been discovered in Python\u0027s html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: Python HTMLParser quadratic complexity",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6069"
},
{
"category": "external",
"summary": "RHBZ#2373234",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373234"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6069",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6069"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949",
"url": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41",
"url": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b",
"url": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135462",
"url": "https://github.com/python/cpython/issues/135462"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135464",
"url": "https://github.com/python/cpython/pull/135464"
}
],
"release_date": "2025-06-17T13:39:46.058000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: Python HTMLParser quadratic complexity"
},
{
"cve": "CVE-2025-6075",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-31T17:01:47.052517+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2408891"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in Python\u2019s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: Quadratic complexity in os.path.expandvars() with user-controlled template",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low rather than Moderate because it only causes a performance inefficiency without affecting code execution, data integrity, or confidentiality. The flaw lies in the algorithmic complexity of os.path.expandvars(), which can become quadratic when processing crafted input containing repetitive or nested environment variable references. Exploitation requires the attacker to control the input string passed to this function, which is uncommon in secure applications. Moreover, the impact is limited to increased CPU utilization and potential slowdown, not system compromise or data manipulation. Since the issue does not introduce memory corruption, privilege escalation, or information disclosure risks, its overall impact scope and exploitability are minimal, justifying a Low severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6075"
},
{
"category": "external",
"summary": "RHBZ#2408891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/136065",
"url": "https://github.com/python/cpython/issues/136065"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/"
}
],
"release_date": "2025-10-31T16:41:34.983000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "python: Quadratic complexity in os.path.expandvars() with user-controlled template"
},
{
"cve": "CVE-2025-8291",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2025-10-07T19:01:23.599055+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402342"
}
],
"notes": [
{
"category": "description",
"text": "A zip file handling flaw has been discovered in the python standard library `zipfile` module. The \u0027zipfile\u0027 module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the \u0027zipfile\u0027 module compared to other ZIP implementations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8291"
},
{
"category": "external",
"summary": "RHBZ#2402342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8291",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8291"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267",
"url": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6",
"url": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/139700",
"url": "https://github.com/python/cpython/issues/139700"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/139702",
"url": "https://github.com/python/cpython/pull/139702"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/"
}
],
"release_date": "2025-10-07T18:10:05.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
},
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-45582",
"cwe": {
"id": "CWE-24",
"name": "Path Traversal: \u0027../filedir\u0027"
},
"discovery_date": "2025-07-11T17:00:47.340822+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379592"
}
],
"notes": [
{
"category": "description",
"text": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the \u2018--keep-old-files\u2019 (\u2018-k\u2019), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar: Tar path traversal",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-45582"
},
{
"category": "external",
"summary": "RHBZ#2379592",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379592"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-45582",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-45582",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45582"
},
{
"category": "external",
"summary": "https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md",
"url": "https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md"
},
{
"category": "external",
"summary": "https://www.gnu.org/software/tar/",
"url": "https://www.gnu.org/software/tar/"
},
{
"category": "external",
"summary": "https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity",
"url": "https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity"
}
],
"release_date": "2025-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tar: Tar path traversal"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
},
{
"cve": "CVE-2025-59682",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-09-30T13:18:31.746000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2400450"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Django. The django.utils.archive.extract() function, used by startapp --templateand startproject --template, allowed partial directory-traversal via an archive with file paths sharing a common prefix with the target directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "django: Potential partial directory-traversal via archive.extract()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59682"
},
{
"category": "external",
"summary": "RHBZ#2400450",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400450"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59682"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59682",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59682"
}
],
"release_date": "2025-10-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "django: Potential partial directory-traversal via archive.extract()"
},
{
"cve": "CVE-2025-61984",
"cwe": {
"id": "CWE-159",
"name": "Improper Handling of Invalid Use of Special Elements"
},
"discovery_date": "2025-10-06T19:01:13.449665+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2401960"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSH where control characters in usernames were not properly validated when sourced from untrusted inputs like the command line or configuration expansion. If a ProxyCommand is used, these control characters could modify command behavior, potentially leading to code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact is MODERATE because it is a critical component used across many Red Hat products.\nThe issue occurs only when a ProxyCommand is configured and the SSH client handles a username containing control characters from an untrusted source, such as script-generated input or expanded configuration values.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61984"
},
{
"category": "external",
"summary": "RHBZ#2401960",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401960"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61984"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61984",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61984"
},
{
"category": "external",
"summary": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2",
"url": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2"
},
{
"category": "external",
"summary": "https://www.openssh.com/releasenotes.html#10.1p1",
"url": "https://www.openssh.com/releasenotes.html#10.1p1"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/10/06/1",
"url": "https://www.openwall.com/lists/oss-security/2025/10/06/1"
}
],
"release_date": "2025-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand"
},
{
"cve": "CVE-2025-61985",
"cwe": {
"id": "CWE-158",
"name": "Improper Neutralization of Null Byte or NUL Character"
},
"discovery_date": "2025-10-06T19:01:16.841946+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2401962"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSH where the SSH client accepted \\0 (null) characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The impact is MODERATE because it is a critical component used across many Red Hat products.\nExploiting this vulnerability would require a specific configuration where ProxyCommand is enabled and the SSH client processes an untrusted ssh:// URI containing null bytes. Under these conditions, the command parser may misinterpret the URI and execute unintended shell commands.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61985"
},
{
"category": "external",
"summary": "RHBZ#2401962",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401962"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61985"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61985",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61985"
},
{
"category": "external",
"summary": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2",
"url": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2"
},
{
"category": "external",
"summary": "https://www.openssh.com/releasenotes.html#10.1p1",
"url": "https://www.openssh.com/releasenotes.html#10.1p1"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/10/06/1",
"url": "https://www.openwall.com/lists/oss-security/2025/10/06/1"
}
],
"release_date": "2025-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand"
},
{
"cve": "CVE-2025-64460",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-12-02T16:01:05.300335+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Django. This vulnerability allows a remote attacker to cause a potential denial-of-service (DoS) attack triggering Central Processing Unit (CPU) and memory exhaustion via specially crafted Extensible Markup Language (XML) input processed by the XML Deserializer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Django: Django: Algorithmic complexity in XML Deserializer leads to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that process XML input using Django\u0027s XML Deserializer, including Red Hat Ansible Automation Platform, Red Hat OpenStack Platform, and OpenShift Service Mesh. A remote attacker can exploit this flaw by providing specially crafted XML, leading to a denial-of-service due to CPU and memory exhaustion.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64460"
},
{
"category": "external",
"summary": "RHBZ#2418366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64460"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64460",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64460"
},
{
"category": "external",
"summary": "https://docs.djangoproject.com/en/dev/releases/security/",
"url": "https://docs.djangoproject.com/en/dev/releases/security/"
},
{
"category": "external",
"summary": "https://groups.google.com/g/django-announce",
"url": "https://groups.google.com/g/django-announce"
},
{
"category": "external",
"summary": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases/",
"url": "https://www.djangoproject.com/weblog/2025/dec/02/security-releases/"
}
],
"release_date": "2025-12-02T15:15:34.451000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Django: Django: Algorithmic complexity in XML Deserializer leads to denial of service"
},
{
"cve": "CVE-2025-64720",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-25T00:00:54.081073+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416904"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw has been discovered in libpng. An out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component \u2264 alpha \u00d7 257 required by the simplified PNG API.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. An out-of-bounds read in libpng can occur when processing specially crafted palette images with `PNG_FLAG_OPTIMIZE_ALPHA` enabled. Successful exploitation requires a user to process a malicious PNG file, leading to potential application crash or information disclosure.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64720"
},
{
"category": "external",
"summary": "RHBZ#2416904",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416904"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64720"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643",
"url": "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/686",
"url": "https://github.com/pnggroup/libpng/issues/686"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/751",
"url": "https://github.com/pnggroup/libpng/pull/751"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww"
}
],
"release_date": "2025-11-24T23:45:38.315000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG buffer overflow"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-11-17T18:01:28.077927+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.\n\nThis flaw is present in the command line interface of the nodejs-glob package. When the package is used by npm, the command line interface is not used at all, so it cannot be triggered. However, the command line interface implementation is still present on the system, but not directly exposed to the user\u0027s $PATH. To reflect this condition, nodejs packages have been rated with a low severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "RHBZ#2415451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
"url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
"url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
}
],
"release_date": "2025-11-17T17:29:08.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-25T00:01:05.570152+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416907"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow flaw has been discovered in libpng. There is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG heap buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. A heap buffer overflow exists in the libpng library\u0027s png_image_finish_read function when processing specially crafted 16-bit interlaced PNG images with an 8-bit output format. Successful exploitation requires a user or an automated system to process a malicious PNG file, which could lead to application crashes or arbitrary code execution.\n\njava-*-openjdk-headless packages do not contain libsplashscreen.so, hence are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-65018"
},
{
"category": "external",
"summary": "RHBZ#2416907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416907"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65018"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d",
"url": "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea",
"url": "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/755",
"url": "https://github.com/pnggroup/libpng/issues/755"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/757",
"url": "https://github.com/pnggroup/libpng/pull/757"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g"
}
],
"release_date": "2025-11-24T23:50:18.294000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG heap buffer overflow"
},
{
"cve": "CVE-2025-66031",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2025-11-26T23:01:36.363253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417397"
}
],
"notes": [
{
"category": "description",
"text": "An ASN.1 Denial of Service (Dos) vulnerability exists in the node-forge asn1.fromDer function within forge/lib/asn1.js. The ASN.1 DER parser implementation (_fromDer) recurses for every constructed ASN.1 value (SEQUENCE, SET, etc.) and lacks a guard limiting recursion depth. An attacker can craft a small DER blob containing a very large nesting depth of constructed TLVs which causes the Node.js V8 engine to exhaust its call stack and throw RangeError: Maximum call stack size exceeded, crashing or incapacitating the process handling the parse. This is a remote, low-cost Denial-of-Service against applications that parse untrusted ASN.1 objects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge ASN.1 Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66031"
},
{
"category": "external",
"summary": "RHBZ#2417397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66031"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451",
"url": "https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27"
}
],
"release_date": "2025-11-26T22:23:26.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "node-forge: node-forge ASN.1 Unbounded Recursion"
},
{
"cve": "CVE-2025-66293",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-03T21:00:59.956903+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418711"
}
],
"notes": [
{
"category": "description",
"text": "An out of bounds read vulnerability has been discovered in libpng. This vulnerability is in libpng\u0027s simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng\u0027s internal state management.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: LIBPNG out-of-bounds read in png_image_read_composite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important as it affects libpng, a widely used library for PNG image processing. The flaw is due to an out-of-bounds read in libpng\u2019s simplified API when handling specially crafted PNG images containing partial transparency and gamma correction data. Successful exploitation could result in information disclosure or cause application crashes in applications processing untrusted PNG content.\n\nFor `java-17-openjdk-headless` and `java-21-openjdk-headless`, while the affected code is present in the bundled sources, it is not exercised by these headless packages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66293"
},
{
"category": "external",
"summary": "RHBZ#2418711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418711"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66293"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1",
"url": "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a",
"url": "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/issues/764",
"url": "https://github.com/pnggroup/libpng/issues/764"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"
}
],
"release_date": "2025-12-03T20:33:57.086000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-08T22:34:17+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0414"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:75723049a444b5136e2d40920e2852f0840fecf60832a8bbb06e488fc9bba543_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:d4e8987a100ea60942306f1564679e51fa1364f6124fbfb3100959f83a1f16bf_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:8af6fd7c8fe38d6bfd22e42810badde0aeeae738ea28667ae29dbc0cf4266f3e_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…